CVE-2025-12969
published 2025-11-24CVE-2025-12969: Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows…
PriorityP343medium6.5CVSS 3.1
AVNACLPRNUINSUCLILAN
EPSS
0.56%
42.1th percentile
Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fluentbit | fluent_bit | < 4.0.13 | 4.0.13 |
| msrc | azl3_fluent-bit_3.1.10-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_fluent-bit_3.1.9-6_on_azure_linux_3.0 | — | — |
| msrc | cbl2_fluent-bit_3.0.6-4_on_cbl_mariner_2.0 | — | — |
| treasuredata | fluent_bit | — | — |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
vendor_msrc6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
CVE-2025-12969: CVE-2025-12969
Mariner: Mariner
certcc: certcc
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn
vendor_msrc·2025-11-11·CVSS 6.5
CVE-2025-12969 [MEDIUM] CWE-306 CVE-2025-12969: CVE-2025-12969
Mariner: Mariner
certcc: certcc
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn
CVE-2025-12969
Mariner: Mariner
certcc: certcc
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
GHSA
GHSA-2949-r76x-4vc4: Fluent Bit in_forward input plugin does not properly enforce the security
ghsa_unreviewed·2025-11-24
CVE-2025-12969 [MEDIUM] CWE-306 GHSA-2949-r76x-4vc4: Fluent Bit in_forward input plugin does not properly enforce the security
Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.
No detection rules found.
No public exploits indexed.
2025-11-24
Published