Input Plugin Vulnerability in Fluent Bit Affects Data Integrity and Log Routing

CVE-2025-12977

What is CVE-2025-12977?

Fluent Bit's in_http, in_splunk, and in_elasticsearch input plugins are vulnerable due to inadequate sanitization of tag_key inputs. An attacker capable of network access or manipulating records in Splunk or Elasticsearch can introduce tag_key values with special characters, such as newlines or directory traversal sequences (../). This manipulation can lead to serious consequences, including newline injection, path traversal, and forged record injection. The improper handling of tags can ultimately compromise the integrity of data and misroute log outputs, highlighting a critical area of concern for organizations relying on Fluent Bit for log management.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

News Articles

theregister.com

CVE-2025-12977CVE-2025-12970

Years-old bugs in open source took out major clouds at risk

A series of "trivial-to-exploit" vulnerabilities in Fluent Bit, an open source log collection tool that runs in every major cloud and AI lab, was left open for years, giving attackers an exploit chain to...

References