Fluent Bit, a widely deployed log-processing tool used in containers, Kubernetes DaemonSets, and major cloud platforms, has been found vulnerable to authentication bypass, file-write, and agent takeover attacks.
According to an Oligo Security analysis, disclosed in cooperation with Amazon Web Services (AWS), the tool contains five critical flaws that could allow full compromise of cloud infrastructure.
“Fluent Bit runs everywhere: AI labs, banks, car manufacturers, all the major cloud providers such as AWS, Google Cloud, and Microsoft Azure, and more,” Uri Katz, researcher at Oligo Security’s CTO Office, said in a blog post. “When a component this widespread and trusted fails, it doesn’t just expose individual systems; it threatens the stability of the cloud ecosystem.”
These flaws can potentially allow attackers to rewrite or delete logs to cover their tracks, inject false telemetry, reroute records into attacker-controlled destinations, or even execute arbitrary code, Katz added.
To address them, the Fluent Bit project has released patched versions v4.1.1 and v4.0.12.
Bypassing authentication to inject fake logs
The most concerning issue revealed in the disclosure lies in the Fluent Bit forward input plugin, “in_forward,” which can be configured to appear protected while actually being wide open. Specifically, when “Security.Users” authentication is specified without a “Shared_Key”, authentication is effectively not enforced, leaving the listening port open to any client that connects and sends arbitrary logs.
Attackers could flood monitoring systems with false or misleading events, bury real alerts in the noise, or even hijack the telemetry stream entirely, Katz said. The issue is now tracked as CVE-2025-12969 and awaits a severity rating.
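The misconfiguration described above is easy to lint for. The following is an added example, not Fluent Bit's own code and not from the Oligo write-up: a small checker for the classic (INI-style) Fluent Bit config format that finds forward inputs which set Security.Users but no Shared_Key. The default Listen and Port values (0.0.0.0, 24224) match the plugin documentation; the two sample configs are constructed for this example, and the YAML config format is not handled. Upgrading to the patched releases is the actual fix; the lint only tells you which hosts are exposed in the meantime.

```python
# Added example (not Fluent Bit's own code): lint a classic-format Fluent Bit
# config for in_forward inputs that set Security.Users without Shared_Key,
# the combination that leaves the port unauthenticated (CVE-2025-12969).
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^\[(\w+)\]$")


@dataclass
class Section:
    kind: str                                   # e.g. "SERVICE", "INPUT", "OUTPUT"
    params: dict = field(default_factory=dict)  # lower-cased key -> list of values

    def first(self, key: str, default: str = "") -> str:
        values = self.params.get(key.lower())
        return values[0] if values else default


def parse_classic_config(text: str) -> list:
    """Parse 'Key value' lines grouped under [SECTION] headers.

    Fluent Bit keys are case-insensitive, so they are lower-cased here.
    Repeated keys are kept as a list because Security.Users may appear
    once per user.
    """
    sections, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = SECTION_RE.match(line)
        if header:
            current = Section(header.group(1).upper())
            sections.append(current)
            continue
        if current is None:
            continue  # key before any section header; ignore
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        current.params.setdefault(key, []).append(value)
    return sections


def find_unauthenticated_forward_inputs(sections) -> list:
    """One finding per in_forward input that looks protected but is not."""
    findings = []
    for s in sections:
        if s.kind != "INPUT" or s.first("name").lower() != "forward":
            continue
        users = s.params.get("security.users", [])
        shared_key = s.first("shared_key")
        listen = s.first("listen", "0.0.0.0")   # plugin default (assumption noted above)
        port = s.first("port", "24224")         # plugin default (assumption noted above)
        if users and not shared_key:
            findings.append(
                f"in_forward {listen}:{port}: Security.Users configured for "
                f"{len(users)} user(s) but Shared_Key is unset; authentication "
                f"is not enforced"
            )
    return findings


# Constructed sample: looks authenticated, but Shared_Key is missing.
VULNERABLE_CONFIG = """
[SERVICE]
    Flush           1

[INPUT]
    Name            forward
    Listen          0.0.0.0
    Port            24224
    Security.Users  collector  replace-me
"""

# Constructed sample: Shared_Key is set alongside the user credentials.
HARDENED_CONFIG = """
[INPUT]
    Name            forward
    Listen          0.0.0.0
    Port            24224
    Shared_Key      replace-with-a-long-random-secret
    Security.Users  collector  replace-me
"""

if __name__ == "__main__":
    for label, cfg in (("vulnerable", VULNERABLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, find_unauthenticated_forward_inputs(parse_classic_config(cfg)))
```

Run it against the config files shipped in your DaemonSet ConfigMaps; any hit is a listener that accepts records from anyone who can reach the port, regardless of what the Security.Users line suggests.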
Almost equally troubling are other flaws in the “tag” mechanism, which determines how records are routed and processed. One bug (CVE-2025-12978) allows an attacker who can guess just the first character of the tag key to impersonate trusted tags and reroute logs or bypass filters. Another (CVE-2025-12977) accepts unsanitized tag values (including newlines, directory-traversal sequences, and control characters), which can corrupt downstream parsing, enable file-system writes, or allow further escalation.
According to the blog, AWS has secured all of its internal systems that rely on Fluent Bit and, working through the Fluent Bit project, released Fluent Bit version 4.1.1. AWS did not immediately respond to CSO’s request for comment.
File writes, container overflow, and full agent takeover
Oligo also disclosed a chain of remote code execution (RCE) and path traversal vulnerabilities affecting the tool. CVE-2025-12972 targets the “out_file” output plugin. When tag values are user-controlled and no fixed File parameter is set, the tag is used to build the output file name, so attackers can abuse it (e.g., with “../”) to write or overwrite files outside the intended directory, ultimately letting them plant malicious files or gain RCE.
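The two tag problems above (unsanitized tag values in CVE-2025-12977, and the tag-derived file name in out_file for CVE-2025-12972) come down to the same construction: a string from the network is joined onto a directory path. The block below is an added example, not Fluent Bit's code and not the fix the project shipped. It assumes, per the plugin's documented behaviour, that with no File parameter the output path is the configured directory plus the tag; the directory and tag values are constructed. It shows the naive construction escaping the log directory, then a containment check and a tag sanitizer that reject separators, newlines, NUL and other control characters.

```python
# Added example (not Fluent Bit's own code): the naive <Path>/<Tag> file-name
# construction beside a hardened version. Assumes out_file uses the tag as the
# file name when File is unset; paths and tags below are constructed.
import os
import re


def naive_output_path(base_dir: str, tag: str) -> str:
    """The unsafe construction: the tag is joined to the directory as-is."""
    return os.path.normpath(os.path.join(base_dir, tag))


def escapes_base_dir(base_dir: str, tag: str) -> bool:
    """True if the path built from `tag` lands outside `base_dir`."""
    base = os.path.normpath(os.path.abspath(base_dir))
    candidate = os.path.normpath(os.path.join(base, tag))
    return os.path.commonpath([base, candidate]) != base


# Reject path separators, NUL, newlines and all other control characters so a
# tag can only ever name a single file inside the directory.
FORBIDDEN = re.compile(r"[\x00-\x1f\x7f/\\]")


class TagError(ValueError):
    pass


def sanitize_tag(tag: str) -> str:
    if not tag:
        raise TagError("empty tag")
    if FORBIDDEN.search(tag):
        raise TagError(f"tag contains a separator or control character: {tag!r}")
    if tag.strip(".") == "":
        raise TagError(f"tag is dots only: {tag!r}")  # "." / ".." would traverse
    return tag


def safe_output_path(base_dir: str, tag: str) -> str:
    """Sanitize the tag, then verify the final path stays inside base_dir."""
    tag = sanitize_tag(tag)
    base = os.path.normpath(os.path.abspath(base_dir))
    candidate = os.path.normpath(os.path.join(base, tag))
    if os.path.commonpath([base, candidate]) != base:  # defence in depth
        raise TagError(f"tag escapes output directory: {tag!r}")
    return candidate


def tag_is_accepted(base_dir: str, tag: str) -> bool:
    """Convenience wrapper so callers can test a tag without handling exceptions."""
    try:
        safe_output_path(base_dir, tag)
    except TagError:
        return False
    return True


if __name__ == "__main__":
    base = "/var/log/fluent-bit"
    hostile = "../../../etc/cron.d/backdoor"
    print("naive:", naive_output_path(base, hostile), "escapes:", escapes_base_dir(base, hostile))
    print("safe :", safe_output_path(base, "kube.var.log.app"))
    for bad in (hostile, "app\ninjected", "app\x00", "..", "a/b"):
        print(repr(bad), "accepted:", tag_is_accepted(base, bad))
```

The sanitizer alone prevents traversal, since a tag with no separators cannot leave the directory; the commonpath check is kept so a future change to how the path is assembled still cannot escape. Rejecting newlines and control characters also closes the downstream-parsing corruption the advisory describes, because those bytes never reach a file name or a log line.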
“Our research found that some of these vulnerabilities, such as CVE-2025-12972, have left cloud environments vulnerable for over 8 years,” Katz noted.
In the Docker input plugin (“in_docker”), CVE-2025-12970 is a stack buffer overflow. If an attacker can create a container with an excessively long name, the overflow lets them crash the agent or execute code. Oligo warned that the flaw allows attackers to seize the logging agent, hide their activity, plant backdoors, and pivot further into the system.
Fluent Bit is a Cloud Native Computing Foundation (CNCF) graduated open-source project, initially created by Eduardo Silva, who remains its most frequent contributor, now sponsored and maintained by major cloud providers.