CVE-2025-12977
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-24

Last updated on: 2025-11-28

Assigner: CERT/CC

Description
Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-24
Last Modified
2025-11-28
Generated
2026-06-16
AI Q&A
2025-11-24
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12977
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
treasuredata fluent_bit 4.1.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1287 The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs in Fluent Bit's in_http, in_splunk, and in_elasticsearch input plugins, which fail to properly sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters like newlines or ../ sequences. These special characters are treated as valid tags, which can lead to newline injection, path traversal, forged record injection, or log misrouting.

Impact Analysis

The vulnerability can impact you by compromising data integrity and log routing. Specifically, it can allow attackers to inject newlines, traverse paths, forge records, or cause logs to be misrouted. This can disrupt the normal processing and storage of logs, potentially leading to incorrect or misleading log data and affecting system monitoring and incident response.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12977. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart