CVE-2025-12969 — Missing Authentication for Critical Function in Fluent BIT

CWE-306 — Missing Authentication for Critical Function4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 73.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fluentbit Fluent BIT Treasuredata Fluent BIT Msrc Azl3 Fluent-bit 3.1.10-2 ON Azure Linux 3.0 +2 more

Timeline

PublishedNov 24

Latest updateDec 1

Description

Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages5 packages

▶NVDtreasuredata/fluent_bit4.1.0

▶CVEListV5fluentbit/fluent_bit< 4.0.13

▶msrcmsrc/azl3_fluent-bit_3.1.9-6_on_azure_linux_3.0

▶msrcmsrc/cbl2_fluent-bit_3.0.6-4_on_cbl_mariner_2.0

▶msrcmsrc/azl3_fluent-bit_3.1.10-2_on_azure_linux_3.0

🔴Vulnerability Details

GHSA

GHSA-2949-r76x-4vc4: Fluent Bit in_forward input plugin does not properly enforce the security↗2025-11-24

▶

📋Vendor Advisories

Microsoft

CVE-2025-12969: CVE-2025-12969 Mariner: Mariner certcc: certcc Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn↗2025-11-11

▶

🕵️Threat Intelligence

Wiz

Supply Chain Attacks & AI Vulnerabilities: December Cloud Security Update | Wiz↗2025-12-01

▶