Cloudinary · Cloudinary · CVE-2025-12613
**Name of the Vulnerable Software and Affected Versions**
cloudinary versions prior to 2.7.0
**Description**
The package is susceptible to Arbitrary Argument Injection because of improper parsing of parameter values that include an ampersand (`&`). This allows an attacker to inject additional, unintended parameters. This could lead to malicious outcomes, such as bypassing security checks, altering data, or manipulating the application's behavior.
**Recommendations**
Update to version 2.7.0 or later.