PT-2025-47922 · Unknown+2 · Fluent-Bit+2

Published: 2025-11-23 · Updated: 2026-03-19 · CVE-2025-12972

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Fluent Bit versions prior to 4.1.1

Description

The out_file plugin in Fluent Bit does not properly sanitize tag values when creating output file names. If the File option is not specified, the plugin uses the tag, which is untrusted input, to construct the file path. An attacker with network access can therefore supply tags containing path traversal sequences, potentially causing Fluent Bit to write files to locations outside the designated output directory. The issue enables unauthorized file writing.

Recommendations

Upgrade to Fluent Bit version 4.1.1 or later.
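
The check the description says is missing, shown as an added example: this is not Fluent Bit's code and not the upstream patch. The names `tag_is_safe_component` and `build_out_path`, the directory `/var/log/flb-out` and the sample tags are all constructed for illustration. The policy assumed here is that a tag may only ever become a single file name component inside the output directory.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Fluent Bit code): returns 1 if `tag` can be used
 * as exactly one file name component, 0 otherwise. */
static int tag_is_safe_component(const char *tag)
{
    if (tag == NULL || tag[0] == '\0')
        return 0;
    /* "." and ".." name the directory itself or its parent. */
    if (strcmp(tag, ".") == 0 || strcmp(tag, "..") == 0)
        return 0;
    /* Any separator lets the tag address a different directory. */
    if (strchr(tag, '/') != NULL || strchr(tag, '\\') != NULL)
        return 0;
    return 1;
}

/* Builds "<dir>/<tag>" into out. Returns 0 on success, -1 when the tag is
 * rejected or the result would be truncated (a truncated path is also a
 * different file than intended, so it is treated as a failure). */
int build_out_path(const char *dir, const char *tag, char *out, size_t outsz)
{
    int n;

    if (dir == NULL || out == NULL || outsz == 0 || !tag_is_safe_component(tag))
        return -1;
    n = snprintf(out, outsz, "%s/%s", dir, tag);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample tags: two ordinary ones, three that must be refused. */
    const char *tags[] = { "app.access", "kube.var.log", "../../tmp/x", "a/b", ".." };
    char path[256];
    size_t i;

    for (i = 0; i < sizeof(tags) / sizeof(tags[0]); i++) {
        if (build_out_path("/var/log/flb-out", tags[i], path, sizeof(path)) == 0)
            printf("accept %-14s -> %s\n", tags[i], path);
        else
            printf("reject %s\n", tags[i]);
    }
    return 0;
}
```

The check is purely lexical, so it does not account for symbolic links already present inside the output directory.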

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-15408
BIT-FLUENT-BIT-2025-12972
CVE-2025-12972

Affected Products

Fluent-Bit
Red Os
Out File Plugin