CVE-2025-1079
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: cve-coordination@google.com (Secondary)
Description
Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature
Affected (1)
Products: Google: Web Designer
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 16.2.0.0128 |
| Running on/with | Platform Versions |
|---|---|
Apple Macos | All versions |
Linux Linux Kernel | All versions |
Related CWEs
CWE-59
Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CWE-61
UNIX Symbolic Link (Symlink) Following
The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
References (1)
Source: cve-coordination@google.com
ExploitThird Party Advisory
Timeline
No history available yet.