CVE-2025-12978
BaseFortify
Publication date: 2025-11-24
Last updated on: 2025-11-28
Assigner: CERT/CC
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| treasuredata | fluent_bit | 4.1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Fluent Bit's in_http, in_splunk, and in_elasticsearch input plugins where the tag_key validation logic does not enforce exact key-length matching. This flaw allows crafted inputs with tag prefixes to be incorrectly treated as full matches, enabling a remote attacker with authenticated or exposed access to manipulate tags and redirect log records to unintended destinations.
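The comparison flaw described above, as an added C example that is not Fluent Bit's own code: the weak matcher bounds the compare by the incoming key's length only, while the hardened one requires equal lengths first. The function names, the `route_tag` setting and the sample record are constructed for illustration, and the exact shape of the weak comparison is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Weak form (assumed shape of the flaw): the compare is bounded only by the
 * length of the key taken from the incoming record, so a key that is merely
 * a prefix of the configured tag_key, or an empty key, compares equal. */
static int key_matches_weak(const char *tag_key, const char *key, size_t key_len)
{
    return strncmp(tag_key, key, key_len) == 0;
}

/* Hardened form: the lengths must be equal before any bytes are compared. */
static int key_matches_exact(const char *tag_key, const char *key, size_t key_len)
{
    return key_len == strlen(tag_key) && memcmp(tag_key, key, key_len) == 0;
}

/* Record keys carry an explicit length, as in a length-prefixed encoding. */
struct field { const char *key; size_t key_len; const char *val; };

/* Returns the index of the first field accepted as the tag key, or -1. */
static int find_tag_field(const struct field *rec, size_t n, const char *tag_key,
                          int (*match)(const char *, const char *, size_t))
{
    for (size_t i = 0; i < n; i++) {
        if (match(tag_key, rec[i].key, rec[i].key_len)) {
            return (int) i;
        }
    }
    return -1;
}

/* Constructed sample record; "route_tag" is a hypothetical tag_key setting. */
static const struct field sample_record[] = {
    { "message",   7, "disk full"    },
    { "route",     5, "audit.forged" },  /* prefix of the configured key */
    { "route_tag", 9, "app.web"      },  /* the intended tag field */
};

int main(void)
{
    int w = find_tag_field(sample_record, 3, "route_tag", key_matches_weak);
    int e = find_tag_field(sample_record, 3, "route_tag", key_matches_exact);
    printf("weak  -> tag=%s\n", sample_record[w].val);
    printf("exact -> tag=%s\n", sample_record[e].val);
    return 0;
}
```

With the weak matcher the record is tagged from the `route` field, so it would be routed by a value the sender chose under a different key; the exact matcher selects only `route_tag`.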
How can this vulnerability impact me?
The vulnerability can compromise the authenticity of ingested logs by allowing attackers to inject forged data, cause alert flooding, and manipulate routing of log records. This can lead to incorrect log data being processed or stored, potentially impacting monitoring, alerting, and forensic analysis.