AI description
CVE-2025-12970 is a stack buffer overflow vulnerability found in the Docker Metrics input plugin (in\_docker) of Fluent Bit. The vulnerability occurs because the `extract_name` function copies container names into a fixed-size stack buffer without validating the length of the container name. The buffer size is 256 bytes. An attacker who can create containers or control container names can exploit this vulnerability by supplying an excessively long container name. This can lead to a buffer overflow, potentially causing a process crash or arbitrary code execution on the host running Fluent Bit.
- Description
- The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary code execution.
- Source
- cret@cert.org
- NVD status
- Modified
- Products
- fluent_bit
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- nvd@nist.gov
- CWE-120
- Hype score
- Not currently trending
CVE-2025-12970 CVE-2025-12970 https://t.co/h0oX5hfHvW #SecQube #MicrosoftSecurity
@SecQube
5 Dec 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Analytics #Threat_Research An analytical review of the main cybersecurity events for the week (November 22-29, 2025) 1⃣. Critical Vulnerabilities in FluentBit Expose Cloud Environments to Remote Takeover - https://t.co/zHrDgWp61B // CVE-2025-12972, CVE-2025-12970,
@ksg93rd
29 Nov 2025
288 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨:Critical Fluent Bit Flaws Enable RCE and Telemetry Tampering in Major Orgs ------------------------ CVE-2025-12972: Path Traversal File Write CVE-2025-12970: Stack Buffer Overflow CVE-2025-12978: Tag Key Spoofing CVE-2025-12977: Tag Injection CVE-2025-12969: https:/
@HunterMapping
26 Nov 2025
5845 Impressions
15 Retweets
82 Likes
39 Bookmarks
2 Replies
0 Quotes
🚨 Critical Cloud Security Alert Five new Fluent Bit vulnerabilities (incl. CVE-2025-12972 & CVE-2025-12970) can enable RCE, file overwrite, log spoofing, DoS, and auth bypass across AWS, Azure, GCP & Kubernetes. 🔧 Fix: Update to 4.1.1 / 4.0.12 immediately.
@JypraGroup
26 Nov 2025
58 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12970 Buffer Overflow in Fluent Bit Docker Input Plugin Enables Remote Code Execution https://t.co/Sis1mg8CWu
@VulmonFeeds
24 Nov 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12970 The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can cr… https://t.co/Tb7oLy6Oq0
@CVEnew
24 Nov 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D0EA105-B741-4E44-828A-9300B09A7A79"
}
],
"operator": "OR"
}
]
}
]