Detections
Analytics

Fluent Bit < 4.0.12 / 4.1.x < 4.1.1 Multiple Vulnerabilities

critical Nessus Plugin ID 276933

Language:

Synopsis

A logging processor application is affected by multiple vulnerabilities.

Description

The version of Fluent Bit running on the remote host is prior to 4.0.12, or 4.1.x prior to 4.1.1. It is, therefore, affected by multiple vulnerabilities, including:

 - Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing. (CVE-2025-12977)

 - The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary code execution. (CVE-2025-12970)

 - Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs. (CVE-2025-12969)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Fluent Bit version 4.0.12 or 4.1.1 or later.

See Also

http://www.nessus.org/u?d46f9bc7

https://kb.cert.org/vuls/id/761751

Plugin Details

Severity: Critical

ID: 276933

File Name: fluent_bit_4_1_1.nasl

Version: 1.2

Type: remote

Family: Misc.

Published: 12/1/2025

Updated: 12/5/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

CVSS Score Source: CVE-2025-12977

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Vulnerability Information

CPE: x-cpe:/a:fluent_bit:fluent_bit

Required KB Items: installed_sw/Fluent Bit

Patch Publication Date: 11/24/2025

Vulnerability Publication Date: 11/24/2025

Reference Information

CVE: CVE-2025-12969, CVE-2025-12970, CVE-2025-12972, CVE-2025-12977, CVE-2025-12978

IAVA: 2025-A-0880