CVE-2025-4613 | Google Web Designer Operational Intel

Executive Risk Summary

"A path traversal vulnerability in Google Web Designer's template handling allows an attacker to achieve remote code execution by tricking users into downloading a malicious ad template. This vulnerability affects versions prior to 16.3.0.0407 on Windows."

Operational Audit Arsenal

Target Type Executable

Target Asset Google Web Designer executable

Standard Path %programfiles%\Google Web Designer

PowerShell

# 🛠️ Senior Engineer Universal Audit
# Target: Google Web Designer executable (Executable)
$Targets = 'Google Web Designer executable'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Unlikely

Google Web Designer service affected

Internal Work Notes

Remote code execution vulnerability in Google Web Designer due to path traversal in template handling, patch to version 16.3.0.0407 or later to mitigate risk.

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://balintmagyar.com/articles/google-web-designer-path-traversal-client-side-rce-cve-2025-4613

Related Google Threats

CVE-2026-7343 CVSS 9.8

Google Chrome - Views

CVE-2025-4609 CVSS 9.6

Google Chrome - Mojo

CVE-2025-3619 CVSS 8.8

Google Chrome - Codecs

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.