{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-4613","assignerOrgId":"14ed7db2-1595-443d-9d34-6215bf890778","state":"PUBLISHED","assignerShortName":"Google","dateReserved":"2025-05-12T21:43:15.310Z","datePublished":"2025-06-12T09:06:05.252Z","dateUpdated":"2026-02-26T17:50:40.752Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows"],"product":"Web Designer App","vendor":"Google","versions":[{"lessThan":"16.3.0.0407","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Bálint Magyar"}],"datePublic":"2025-05-21T22:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows an attacker to achieve remote code execution by tricking users into downloading a malicious ad template"}],"value":"Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows an attacker to achieve remote code execution by tricking users into downloading a malicious ad template"}],"impacts":[{"capecId":"CAPEC-175","descriptions":[{"lang":"en","value":"CAPEC-175 Code Inclusion"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NO","Recovery":"USER","Safety":"NEGLIGIBLE","attackComplexity":"HIGH","attackRequirements":"PRESENT","attackVector":"NETWORK","baseScore":7.1,"baseSeverity":"HIGH","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"HIGH","userInteraction":"ACTIVE","valueDensity":"DIFFUSE","vectorString":"CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L","version":"4.0","vulnAvailabilityImpact":"LOW","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"LOW"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-20","description":"CWE-20 Improper Input Validation","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"14ed7db2-1595-443d-9d34-6215bf890778","shortName":"Google","dateUpdated":"2025-06-12T09:06:05.252Z"},"references":[{"url":"https://balintmagyar.com/articles/google-web-designer-path-traversal-client-side-rce-cve-2025-4613"}],"source":{"discovery":"EXTERNAL"},"title":"Client side RCE in Google Web Designer App","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-4613","role":"CISA Coordinator","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2025-06-14T03:56:18.755615Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-26T17:50:40.752Z"}}]}}