Fluent Bit Vulnerabilities Expose Cloud Infrastructure to Attacks
Full Transcript
Cybersecurity researchers have identified five critical vulnerabilities in Fluent Bit, an open-source telemetry agent widely used in cloud infrastructure. According to a report Oligo Security shared with The Hacker News, the vulnerabilities can be exploited to significantly compromise cloud services.
The flaws include a path traversal vulnerability, CVE-2025-12972, which arises from unsanitized tag values and can lead to arbitrary file writes, allowing attackers to tamper with logs and potentially execute code remotely.
Another vulnerability, CVE-2025-12970, concerns a stack buffer overflow in the Docker Metrics input plugin, which could permit code execution or crash the agent through excessively long container names.
Additionally, CVE-2025-12978 allows attackers to spoof trusted tags by abusing the tag-matching logic, which could manipulate log routing and inject misleading records. CVE-2025-12977 is an improper input validation of tags that can corrupt downstream logs, while CVE-2025-12969 is a missing authentication check in the in_forward plugin that could enable unauthorized log injection and flood legitimate logs with false telemetry.
The CERT Coordination Center noted that many of these vulnerabilities require network access to a Fluent Bit instance, emphasizing the potential for remote code execution and service disruption. Following responsible disclosure practices, the vulnerabilities were patched in versions 4.1.1 and 4.0.12 released last month.
Amazon Web Services has urged its customers to update their Fluent Bit installations to the latest versions to mitigate these risks. Given Fluent Bit's extensive use in enterprise environments, these vulnerabilities pose significant threats, potentially allowing attackers to disrupt services, manipulate data, and gain deeper access to cloud systems.
Recommendations from researchers include avoiding dynamic tags for routing, securing output paths to prevent tag-based path traversal, and running Fluent Bit as a non-root user. This incident highlights ongoing challenges in securing cloud environments and the critical need for timely vulnerability disclosures and effective patch management.
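As an added example (not from the Oligo report or the Fluent Bit project), the following audit applies the "securing output paths" recommendation to a configuration file. It assumes classic-mode config syntax and the documented behaviour of the file output, which names the file after the record's tag when no File key is set; the function names and sample config are constructed for illustration.

```python
import os

def parse_sections(text):
    """Parse classic-mode config text into (SECTION, {key: value}) pairs."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].upper(), {}))
        elif sections:
            parts = line.split(None, 1)
            sections[-1][1][parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return sections

def tag_escapes(base, tag):
    """True if a tag used as a filename under base would resolve outside base."""
    base = os.path.abspath(base)
    target = os.path.abspath(os.path.join(base, tag))
    return os.path.commonpath([base, target]) != base

def audit(text):
    """Return (Match, Path) for each file output whose filename comes from the tag."""
    findings = []
    for name, opts in parse_sections(text):
        if name == "OUTPUT" and opts.get("name", "").lower() == "file" and "file" not in opts:
            findings.append((opts.get("match", "?"), opts.get("path", ".")))
    return findings

# Constructed sample: the first output lets the tag pick the filename,
# the second pins it with a fixed File key.
SAMPLE = """
[INPUT]
    Name  forward

[OUTPUT]
    Name  file
    Match *
    Path  /var/log/flb

[OUTPUT]
    Name  file
    Match app.*
    Path  /var/log/flb
    File  app.log
"""

if __name__ == "__main__":
    for match, path in audit(SAMPLE):
        print(f"file output Match={match} Path={path}: no File key, tag chooses the filename")
```

Each finding is an output to pin with a fixed File value or to feed only from inputs whose tags are set statically in the configuration.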
The discovery of these vulnerabilities follows earlier reports of flaws within Fluent Bit, underscoring the necessity for vigilance in maintaining the security of cloud infrastructure.