Description

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing security checks, altering data, or manipulating the application's behavior. **Note:** Following our established security policy, we attempted to contact the maintainer regarding this vulnerability, but haven't received a response.

INFO

Published Date :

2025-11-10T05:00:08.814Z

Last Modified :

2025-11-10T16:00:21.663Z

Source :

snyk
AFFECTED PRODUCTS

The following products are affected by CVE-2025-12613 vulnerability.

Vendors Products
Cloudinary
  • Cloudinary
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-12613.

URL Resource
https://github.com/cloudinary/cloudinary_npm/commit/ec4b65f2b3461365c569198ed6d2cfa61cca4050 cve-icon cve-icon
https://github.com/cloudinary/cloudinary_npm/pull/709 cve-icon cve-icon
https://security.snyk.io/vuln/SNYK-JS-CLOUDINARY-10495740 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact