CVE-2025-12977
BaseFortify
Publication date: 2025-11-24
Last updated on: 2025-11-28
Assigner: CERT/CC
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| treasuredata | fluent_bit | 4.1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1287 | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in Fluent Bit's in_http, in_splunk, and in_elasticsearch input plugins, which fail to properly sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters like newlines or ../ sequences. These special characters are treated as valid tags, which can lead to newline injection, path traversal, forged record injection, or log misrouting.
How can this vulnerability impact me?
The vulnerability can impact you by compromising data integrity and log routing. Specifically, it can allow attackers to inject newlines, traverse paths, forge records, or cause logs to be misrouted. This can disrupt the normal processing and storage of logs, potentially leading to incorrect or misleading log data and affecting system monitoring and incident response.
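The missing check on tag_key values described above can be sketched as a validator and record audit. This is an added example, not Fluent Bit code or code from this advisory; the allowlist policy, the function names, the `service` field used as tag_key, and the downstream output that names files after the tag are all assumptions.

```python
import re
from pathlib import PurePosixPath

# Assumed allowlist policy for tag values (not defined by Fluent Bit or the advisory).
SAFE_TAG = re.compile(r"[A-Za-z0-9_.-]{1,128}")

def tag_problems(tag):
    """Return the reasons a value read from a record's tag_key field is unsafe as a tag."""
    if not isinstance(tag, str):
        return ["not a string"]  # CWE-1287: the expected type was never checked
    problems = []
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in tag):
        problems.append("control character (newline injection)")
    if ".." in tag or "/" in tag or "\\" in tag:
        problems.append("path separator or '..' (path traversal)")
    if not problems and not SAFE_TAG.fullmatch(tag):
        problems.append("empty, too long, or outside the allowlist")
    return problems

def output_path(base_dir, tag):
    """Build a per-tag log file path, refusing tags that fail validation."""
    problems = tag_problems(tag)
    if problems:
        raise ValueError("; ".join(problems))
    return str(PurePosixPath(base_dir) / f"{tag}.log")

def audit(records, tag_key):
    """Return {record index: problems} for records whose tag_key value is unsafe."""
    findings = {}
    for index, record in enumerate(records):
        if tag_key in record:
            problems = tag_problems(record[tag_key])
            if problems:
                findings[index] = problems
    return findings

# Constructed sample records; "service" stands in for the configured tag_key.
SAMPLE = [
    {"service": "web.frontend", "msg": "login ok"},
    {"service": "../other-tenant/app", "msg": "misrouted"},
    {"service": "app\nforged record line", "msg": "injected"},
    {"service": 42, "msg": "wrong type"},
]

if __name__ == "__main__":
    for index, problems in audit(SAMPLE, "service").items():
        print(index, problems)
```

The same audit can be run over records already stored in Splunk or Elasticsearch to find tag values that would have been misrouted.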