- Fluent Bit flaws let attackers control logs and execute remote code
- CVE-2025-12972 allows overwriting files on disk for potential system compromise
- CVE-2025-12970 exploits a stack buffer overflow to trigger remote code execution
A widely used open source log processing tool contains critical flaws that could allow attackers to compromise cloud infrastructure, experts have warned.
Research from Oligo claims the vulnerabilities in Fluent Bit allow manipulation of logs, bypassing of authentication, and execution of remote code on systems across major cloud providers, including AWS, Google Cloud, and Microsoft Azure.
Fluent Bit is deployed in billions of containers and used widely by industries such as banking, AI, and manufacturing, making it an attractive target.
Specific flaws and risks
Exploitation of these vulnerabilities could disrupt cloud storage services, alter data, and threaten business operations that depend on consistent cloud access.
The Oligo Security research team identified five vulnerabilities and, working with the project's maintainers, published details about the bugs.
The disclosed vulnerabilities include path traversal through unsanitized tag values, stack buffer overflows, tag-matching bypasses, and failures in authentication.
CVE-2025-12972 allows attackers to overwrite arbitrary files on disk, while CVE-2025-12970 can trigger remote code execution through container naming.
CVE-2025-12978 and CVE-2025-12977 enable log rerouting, injection of misleading entries, and tampering with monitoring data.
CVE-2025-12969 disables authentication on some forwarders, letting attackers inject false telemetry or flood detection systems.
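The path-traversal class described above, as an added illustration that is not Oligo's or the Fluent Bit project's code: it assumes a log sink that names its output file after the record tag (an assumption for this example, as are the helper names), and contrasts the unchecked join with a hardened builder that allow-lists the tag and verifies the resolved path stays inside the output directory.

```python
import os
import re

# Constructed example, not Fluent Bit's own code. It models a sink that
# derives the output file name from the record tag, the pattern the
# disclosure describes as "path traversal through unsanitized tag values".
# The allow-list below is an assumed policy, not the project's.

TAG_RE = re.compile(r"^[A-Za-z0-9._-]+$")  # assumed allow-list for tags


def tag_to_path_unsafe(base_dir: str, tag: str) -> str:
    """The weak pattern: the tag is joined into the path unchecked."""
    return os.path.join(base_dir, tag)


def tag_to_path_safe(base_dir: str, tag: str) -> str:
    """Hardened builder: allow-list the tag, then confirm containment."""
    if not TAG_RE.fullmatch(tag) or tag in (".", ".."):
        raise ValueError(f"rejected tag: {tag!r}")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, tag))
    # Independent second check: the resolved path must stay under base_dir.
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"tag escapes output directory: {tag!r}")
    return target


def rejects(base_dir: str, tag: str) -> bool:
    """True when the hardened builder refuses the tag."""
    try:
        tag_to_path_safe(base_dir, tag)
    except ValueError:
        return True
    return False


def escapes_base(base_dir: str, tag: str) -> bool:
    """Audit helper: would the unchecked join land outside base_dir?"""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(tag_to_path_unsafe(base, tag))
    return os.path.commonpath([base, target]) != base


if __name__ == "__main__":
    # Constructed sample tags: one ordinary, one carrying traversal.
    for tag in ("app.backend", "../outside"):
        print(tag, "escapes:", escapes_base("/var/log/fluent-out", tag),
              "rejected:", rejects("/var/log/fluent-out", tag))
```

The `escapes_base` helper is the check to run over the tags a pipeline actually receives when auditing whether an unpatched sink could have been reached.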
“We can see based on code history, the tag-handling flaw behind CVE-2025-12977 has been present for at least 4 years, and the Docker input buffer overflow (CVE-2025-12970) goes back roughly 6 years,” Oligo Security researcher Uri Katz said.
These vulnerabilities could hinder malware removal efforts in cloud hosting environments and allow attackers to hide traces of unauthorized activity.
AWS has acknowledged the vulnerabilities and issued Fluent Bit version 4.1.1 to secure internal systems.
Customers are advised to upgrade workloads to this latest version and use Amazon Inspector, Security Hub, and Systems Manager to detect anomalies.
Enterprises should verify logging configurations and maintain continuous monitoring.
Firewall protection and antivirus measures are recommended alongside these updates to limit exposure.
That said, the widespread deployment of Fluent Bit means some residual risk may remain even after patching, and these vulnerabilities are easy to exploit.
“There are several vulnerabilities here with different complexity levels,” noted Katz. “Some can be triggered with only a basic understanding of Fluent Bit's behavior…while others…demand more familiarity with memory corruption. Overall, the technical bar to exploit these is relatively low.”