AI description
CVE-2025-12969 affects the Fluent Bit in_forward input plugin. Under specific configuration scenarios, the plugin doesn't properly enforce the security.users authentication mechanism. This flaw allows remote attackers with network access to the Fluent Bit instance to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions. This can compromise the authenticity and integrity of ingested logs. Specifically, this occurs when Security.Users is configured without a Shared_Key, which silently disables authentication.
- Description
- Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.
- Source
- cret@cert.org
- NVD status
- Modified
- Products
- fluent_bit
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 2.5
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
- nvd@nist.gov
- CWE-306
- Hype score
- Not currently trending
Fluent Bit leaking like a sieve? 🚰 5 critical vulns (CVE-2025-12969-78) chain for RCE & full cloud takeovers—hackers' log dream! Oligo Security exposes the pipeline peril. Patch pronto! 🔒 https://t.co/vPpZQOgtW1 #CyberSec #InfoSec #Kubernetes RT if patched?
@z3nch4n
27 Nov 2025
🚨Alert🚨: Critical Fluent Bit Flaws Enable RCE and Telemetry Tampering in Major Orgs
CVE-2025-12972: Path Traversal File Write
CVE-2025-12970: Stack Buffer Overflow
CVE-2025-12978: Tag Key Spoofing
CVE-2025-12977: Tag Injection
CVE-2025-12969: https:/
@HunterMapping
26 Nov 2025
CVE-2025-12969 Authentication Bypass in Fluent Bit in_forward Input Plugin Enabling Unauthenticated Log Injection https://t.co/sEUHFVusrP
@VulmonFeeds
24 Nov 2025
CVE-2025-12969 Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote at… https://t.co/UeQUlSIgbR
@CVEnew
24 Nov 2025
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D0EA105-B741-4E44-828A-9300B09A7A79"
}
],
"operator": "OR"
}
]
}
]