CVE-2025-4613 HIGH

CVE-2025-4613: Client side RCE in Google Web Designer App

Vendor Google

Product Web Designer App

Weakness CWE-20 · Input validation

Published June 12, 2025

Last update February 26, 2026

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L

What the vulnerability does

01Description

Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad template

Key dates

02Disclosure timeline

June 12, 2025 CVE published

February 26, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-4613 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

CVE-2025-4613: Client side RCE in Google Web Designer App

01Description

02Disclosure timeline

03References

04Related CVE