VYPR
High severity8.6OSV Advisory· Published Nov 10, 2025· Updated Apr 15, 2026

CVE-2025-12613

CVE-2025-12613

Description

Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional, unintended parameters. This could lead to a variety of malicious outcomes, such as bypassing security checks, altering data, or manipulating the application's behavior. Note: Following our established security policy, we attempted to contact the maintainer regarding this vulnerability, but haven't received a response.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
cloudinarynpm
< 2.7.02.7.0

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.