Vulnerability in Cloudinary

CVE-2025-12613

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead t…

EPSS: 0.003 (24.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L.

Affected products

  • N/a Cloudinary — versions 0

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2025-12613?
CVE-2025-12613 is a high-severity vulnerability in Cloudinary, classified under Argument Injection. CVSS score: 8.6/10. Published 2025-11-10.
How severe is CVE-2025-12613?
High severity. CVSS v3 base score is 8.6 out of 10.