You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve 2025 12969
About this tag
CVE-2025-12969 is a critical unauthenticated data-injection vulnerability in Fluent Bit's forward input plugin. The flaw allows an attacker who can reach a Fluent Bit forward listener to bypass the configured security.users control and send unauthenticated records. This enables forged log injection, alert flooding, and routing manipulation, undermining detection, forensics, and trust in centralized logging pipelines. Discussions on WindowsForum cover the technical details of the bypass, its impact on log integrity, and mitigation strategies for systems using Fluent Bit with Elasticsearch or Splunk. The tag is relevant for security professionals and IT administrators managing log forwarding infrastructure.
A critical unauthenticated data-injection flaw in Fluent Bit’s forward input plugin has been publicly cataloged as CVE-2025-12969; the bug lets an attacker who can reach a Fluent Bit forward listener send unauthenticated records by bypassing the configured security.users control, enabling forged...