CVE-2025-12969
BaseFortify
Publication date: 2025-11-24
Last updated on: 2025-11-28
Assigner: CERT/CC
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| treasuredata | fluent_bit | 4.1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists because the Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configurations. A remote attacker with network access to a Fluent Bit instance that exposes the forward input can send data without authenticating, effectively bypassing security controls.
How can this vulnerability impact me?
An attacker exploiting this vulnerability can inject forged log records, flood alerting systems, or manipulate routing decisions. This compromises the authenticity and integrity of the logs ingested by Fluent Bit, potentially leading to incorrect monitoring, alerting failures, or misdirected log data.