Input Plugins Flaw in Fluent Bit by Treasure Data
CVE-2025-12978

5.4 MEDIUM

Key Information:

Vendor

Fluentbit

Status
Vendor
CVE Published: 24 November 2025

What is CVE-2025-12978?

Fluent Bit's input plugins in_http, in_splunk, and in_elasticsearch contain a flaw in their tag_key validation logic. The validation does not enforce exact key-length matching, so crafted inputs in which a key is only a prefix of the tag key are treated as complete matches. Remote attackers with authenticated access to these input endpoints, or with access to endpoints that are exposed, can exploit this to manipulate tags and route records to unintended destinations. This undermines the authenticity of ingested logs and can enable data injection, alert flooding, and manipulation of routing logic.
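The class of comparison bug described above, sketched in C as an added illustration (this is not Fluent Bit's source code). The function names, the configured key `tag_name` and the sample record keys are constructed, and the weak form assumes the check compares only as many bytes as the incoming key has.

```c
#include <stdio.h>
#include <string.h>

/* Weak form (assumed shape of the flaw): only key_len bytes are compared,
 * so any key that is a prefix of the configured tag_key counts as a match,
 * including the empty key. */
static int tag_key_match_weak(const char *key, size_t key_len,
                              const char *tag_key)
{
    return strncmp(key, tag_key, key_len) == 0;
}

/* Hardened form: the lengths must be equal before the bytes are compared. */
static int tag_key_match_strict(const char *key, size_t key_len,
                                const char *tag_key)
{
    size_t tag_key_len = strlen(tag_key);
    return key_len == tag_key_len && memcmp(key, tag_key, key_len) == 0;
}

/* Constructed record keys, checked against a hypothetical tag_key. */
static const char *SAMPLE_KEYS[] = {
    "tag_name", "tag", "t", "", "tag_name_x", "other"
};
#define N_SAMPLES (sizeof(SAMPLE_KEYS) / sizeof(SAMPLE_KEYS[0]))

/* Count how many sample keys a given matcher accepts as the tag key. */
static int count_matches(int (*match)(const char *, size_t, const char *),
                         const char *tag_key)
{
    int n = 0;
    for (size_t i = 0; i < N_SAMPLES; i++)
        n += match(SAMPLE_KEYS[i], strlen(SAMPLE_KEYS[i]), tag_key);
    return n;
}

int main(void)
{
    const char *tag_key = "tag_name"; /* hypothetical configured value */
    for (size_t i = 0; i < N_SAMPLES; i++) {
        const char *k = SAMPLE_KEYS[i];
        printf("%-12s weak=%d strict=%d\n", k[0] ? k : "(empty)",
               tag_key_match_weak(k, strlen(k), tag_key),
               tag_key_match_strict(k, strlen(k), tag_key));
    }
    return 0;
}
```

With the strict comparison only the exact key is accepted; the weak one also accepts every prefix of it.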

Affected Version(s)

FluentBit 4.1.0

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
