CVE-2025-66104: Missing Authorization in Anton Vanyukov Offload, AI & Optimize with Cloudflare Images
Missing Authorization vulnerability in Anton Vanyukov Offload, AI & Optimize with Cloudflare Images cf-images allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Offload, AI & Optimize with Cloudflare Images: from n/a through <= 1.9.5.
AI Analysis
Technical Summary
CVE-2025-66104 identifies a missing authorization vulnerability in the Offload, AI & Optimize with Cloudflare Images plugin developed by Anton Vanyukov, affecting all versions up to and including 1.9.5. This vulnerability arises from improperly configured access control security levels, allowing users with low privileges (PR:L) to perform unauthorized actions without requiring user interaction (UI:N). The attack vector is network-based (AV:N), meaning an attacker can exploit the vulnerability remotely. The vulnerability impacts the integrity (I:H) of the system or data, but does not affect confidentiality (C:N) or availability (A:N). Specifically, the missing authorization allows an attacker to bypass intended access restrictions, potentially modifying or corrupting image processing workflows or data handled by the plugin. Although no known exploits have been reported in the wild, the vulnerability is publicly disclosed and assigned a CVSS v3.1 base score of 6.5, categorized as medium severity. The plugin is used to offload image processing tasks to Cloudflare’s AI-powered optimization services, which are widely adopted in web hosting and content delivery scenarios. The lack of proper authorization checks could lead to unauthorized modification of image optimization parameters or injection of malicious content, undermining data integrity and trust in the service. The vulnerability was reserved in November 2025 and published in December 2025, indicating recent discovery and disclosure. No official patches or updates are currently linked, suggesting organizations must monitor vendor communications closely for remediation.
Potential Impact
For European organizations, the primary impact of CVE-2025-66104 lies in the potential unauthorized modification of image processing workflows, which can lead to data integrity issues. This could result in corrupted or manipulated images being served to end users, damaging brand reputation and user trust. Organizations relying on Cloudflare Images for AI-based optimization in e-commerce, media, or critical web services may face operational disruptions or compliance risks if manipulated content violates regulatory standards such as GDPR. Although confidentiality and availability are not directly affected, the integrity compromise could be exploited for further attacks, such as injecting malicious content or misleading visual information. The medium severity score reflects a moderate risk that requires timely mitigation but does not indicate immediate critical system failure. European entities with extensive web presence and reliance on Cloudflare’s image optimization services are at higher risk, especially those with complex user permission structures that might inadvertently allow privilege escalation or unauthorized access. The absence of known exploits in the wild reduces immediate threat urgency but does not eliminate the risk of future exploitation as the vulnerability is public.
Mitigation Recommendations
1. Monitor official vendor channels and security advisories for patches or updates addressing CVE-2025-66104 and apply them promptly once available.
2. Conduct a thorough audit of user roles and permissions within the Offload, AI & Optimize with Cloudflare Images plugin to ensure that only trusted users have access to sensitive configuration and operational functions.
3. Implement strict access control policies and consider additional authentication mechanisms for administrative actions related to image processing.
4. Enable detailed logging and monitoring of image optimization requests and configuration changes to detect anomalous or unauthorized activities early.
5. If possible, isolate the plugin’s operational environment to limit the blast radius of potential unauthorized actions.
6. Educate administrators and developers on secure configuration practices for Cloudflare Images integration.
7. Consider deploying Web Application Firewalls (WAF) with custom rules to detect and block suspicious requests targeting the plugin endpoints.
8. Regularly review and update incident response plans to include scenarios involving integrity attacks on image processing services.
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: Patchstack
- Date Reserved: 2025-11-21T11:21:20.344Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6943b0574eb3efac36700b5e
Added to database: 12/18/2025, 7:42:15 AM
Last enriched: 1/21/2026, 12:29:01 AM
Last updated: 2/4/2026, 4:32:53 AM