CVE-2025-12972

MEDIUM

Fluent Bit - Path Traversal and Arbitrary File Write via out_file Plugin Tag Handling

Title source: llm

Description

Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause Fluent Bit to write files outside the intended output directory.

References (2)

Core 2

Core References

Various Sources

https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/

Various Sources

https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover

Scores

CVSS v3 5.3

EPSS 0.0063

EPSS Percentile 45.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

treasuredata/fluent_bit 4.1.0

Published Nov 24, 2025

Tracked Since Feb 18, 2026