The vulnerability CVE-2025-66104 involves missing authorization in the Anton Vanyukov Offload, AI & Optimize with Cloudflare Images product, specifically due to incorrectly configured access control security levels. This affects all versions up to 1.9.5. The product is cloud-hosted, and the vendor manages remediation. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) indicates network attack vector, low attack complexity, requires low privileges, no user interaction, unchanged scope, no confidentiality or integrity impact, but high impact on availability. A patch is available, though no direct patch link is provided in the data. No known exploits have been reported.

The vulnerability can lead to a high impact on availability of the affected cloud service due to missing authorization controls, potentially allowing unauthorized users with low privileges to disrupt service availability. There is no impact on confidentiality or integrity according to the CVSS vector. No known exploits are currently reported in the wild.

A patch is available for this vulnerability. Since the product is a cloud service, the vendor typically manages remediation server-side. Users should verify with the vendor advisory for confirmation of patch deployment and ensure their service is updated to a version beyond 1.9.5 or that the vendor has applied the fix. No additional mitigation actions are specified or required beyond applying the official patch.