216.73.217.47

CVE-2025-12969

· Published 24/11/2025 15:15 · Modified 28/11/2025 18:15

Labels: CVE-2025-12969 2025-11-24CVE-2025-12969CWE-306[email protected]

Essential information

Published
24/11/2025 15:15
Modified
28/11/2025 18:15
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVSS metrics

Description

Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.

NVD status

Status
Modified — CVE has been amended by a source (CVE Primary CNA or another CNA). Analysis data supplied by the NVD may be no longer be accurate due to these changes.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
treasuredata / fluent bit cpe:2.3:a:treasuredata:fluent_bit:4.1.0:*:*:*:*:*:*:*

References