AI description
CVE-2025-12972 is a path traversal vulnerability found in the Fluent Bit out_file plugin. The vulnerability stems from the plugin's failure to properly sanitize tag values when deriving output file names, specifically when the 'File' option is omitted. In such cases, the plugin uses untrusted tag input to construct file paths. This vulnerability allows attackers with network access to craft tags containing path traversal sequences (e.g., "../"), which can cause Fluent Bit to write files outside the intended output directory. By exploiting this flaw, attackers can overwrite arbitrary files on the disk, leading to log tampering and potentially remote code execution.
- Description
- Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause Fluent Bit to write files outside the intended output directory.
- Source
- cret@cert.org
- NVD status
- Modified
- Products
- fluent_bit
CVSS 3.1
- Type
- Secondary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
- nvd@nist.gov
- CWE-22
- Hype score
- Not currently trending
#Analytics #Threat_Research An analytical review of the main cybersecurity events for the week (November 22-29, 2025) 1⃣. Critical Vulnerabilities in FluentBit Expose Cloud Environments to Remote Takeover - https://t.co/zHrDgWp61B // CVE-2025-12972, CVE-2025-12970,
@ksg93rd
29 Nov 2025
288 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Oligo security found 5 critical bugs in fluent bit, the logging agent used in millions of cloud & k8s workloads. The worst, CVE-2025-12972, enables remote code exec via file overwrite. Upgrade to v4.1.1+ and check where fluent bit runs. #kubernetes https://t.co/qZlhqw5f9c
@JPC_WebTahiti
27 Nov 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨:Critical Fluent Bit Flaws Enable RCE and Telemetry Tampering in Major Orgs ------------------------ CVE-2025-12972: Path Traversal File Write CVE-2025-12970: Stack Buffer Overflow CVE-2025-12978: Tag Key Spoofing CVE-2025-12977: Tag Injection CVE-2025-12969: https:/
@HunterMapping
26 Nov 2025
5845 Impressions
15 Retweets
82 Likes
39 Bookmarks
2 Replies
0 Quotes
🚨 Critical Cloud Security Alert Five new Fluent Bit vulnerabilities (incl. CVE-2025-12972 & CVE-2025-12970) can enable RCE, file overwrite, log spoofing, DoS, and auth bypass across AWS, Azure, GCP & Kubernetes. 🔧 Fix: Update to 4.1.1 / 4.0.12 immediately.
@JypraGroup
26 Nov 2025
58 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12972 Path Traversal in Fluent Bit out_file Plugin Enables Unauthorized File Writing https://t.co/FWfjPHvVkL
@VulmonFeeds
24 Nov 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-12972 Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input… https://t.co/wedC10KtmW
@CVEnew
24 Nov 2025
144 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4D0EA105-B741-4E44-828A-9300B09A7A79"
}
],
"operator": "OR"
}
]
}
]