Path Traversal Vulnerability in Fluent Bit Output Plugin

CVE-2025-12972

What is CVE-2025-12972?

CVE-2025-12972 is a vulnerability identified in the Fluent Bit output plugin, a widely utilized open-source data collector designed for processing and forwarding logs. This vulnerability arises from inadequate sanitization of tag values used to construct file paths. As a result, when the file output option is not specified, the plugin employs untrusted input from network sources to derive these paths. Attackers can exploit this flaw by crafting tag inputs that include path traversal sequences, enabling them to manipulate file writing operations to locations outside the designated output directory. This could lead to unauthorized file access and possible data integrity issues for organizations relying on Fluent Bit for log management.

Potential impact of CVE-2025-12972

1. Unauthorized File Access: Attackers can exploit this vulnerability to write files in unintended directories, which may include sensitive data or system files. This unauthorized access can compromise data confidentiality and integrity.

2. Data Manipulation Risks: The ability to manipulate file paths could allow malicious actors to overwrite existing files or create new files with arbitrary data, leading to significant disruptions in logging activities and potentially affecting system operations.

3. Increased Attack Surface: Exploitation of this vulnerability may serve as a gateway for further attacks on organizational networks. By leveraging the lack of input validation, attackers can initiate secondary attacks after gaining access to files outside intended directories.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References