CVE-2025-12969

Name of the Vulnerable Software and Affected Versions Fluent Bit (affected versions not specified)

Description The Fluent Bit in forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.