CVE 9.1 CRITICAL

CVE-2025-12977_CVE-2025-12977

November 24, 2025 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing.

AI Analysis

Input plugins fail to sanitize tag_key inputs, allowing newline injection, path traversal, forged record injection, or log misrouting.

Basic Information

ID CVE-2025-12977

Source certcc

Published Nov 24, 2025 at 14:40

Modified Nov 24, 2025 at 19:14

Affected Product

Vendor FluentBit

Product FluentBit

Version 4.1.0

Affected Versions FluentBit FluentBit 4.1.0

CWE Classification

CWE-1287

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor FluentBit

Product FluentBit

Version 4.1.0

References

fluentbit.io /announcements/v4.1.0/

{
    "lastseen": "",
    "description": "Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing.",
    "published": "2025-11-24T14:40:12.642Z",
    "modified": "2025-11-24T19:14:10.912Z",
    "type": "cve",
    "title": "CVE-2025-12977",
    "source": "certcc",
    "references": "https://fluentbit.io/announcements/v4.1.0/",
    "id": "CVE-2025-12977",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1287"
    ],
    "cvelist": null,
    "sourceData": "FluentBit FluentBit 4.1.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FluentBit",
    "version": "4.1.0",
    "vendor": "FluentBit",
    "ai_description": "Input plugins fail to sanitize tag_key inputs, allowing newline injection, path traversal, forged record injection, or log misrouting.",
    "ai_severity": "Critical",
    "ai_vendor": "FluentBit",
    "ai_product": "FluentBit",
    "ai_version": "4.1.0",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply