CVE Daily

CVE-2025-4613

Path traversal in Google Web Designer's template handling versions prior to 16.3...

High CVSS 8.8

Overview

Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious ad template

CWE: CWE-20 Published: 2025-06-12T09:15:22.390
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 8.8 (HIGH)
  • Detected tags: path, rce (tag impact: VERY HIGH)

Recommended actions:

  • Canonicalize path; block `..` traversal; use allowlists.
  • Patch/upgrade immediately (remote code execution).
  • Reduce exposure (WAF/segmentation), minimize attack surface.

Recommended tools

Tags