PT-2025-47923 · Unknown+2 · Fluent Bit In Http Input Plugin+6
Published: 2025-11-24 · Updated: 2026-03-19 · CVE-2025-12977
CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions
Fluent Bit versions (affected versions not specified)
Description
The in_http, in_splunk, and in_elasticsearch input plugins in Fluent Bit do not properly sanitize tag_key inputs. An attacker who can access the network or write records to Splunk or Elasticsearch can use special characters like newlines or '../' within tag_key values. These characters are interpreted as valid tags, potentially leading to newline injection, path traversal, forged record injection, or incorrect log routing, which compromises data integrity and log routing. The tag_key variable is used to influence routing and can affect filenames or content in some outputs.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
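Added example (not part of the advisory and not Fluent Bit code): a pre-ingest check that rejects record-supplied tag values containing the characters named in the description, and shows how such a value resolves when an output uses it as a file name. The record field name `tag`, the allow-list pattern and the base directory `/var/log/flb` are assumptions chosen for illustration.

```python
import json
import posixpath
import re

# Assumption: a local allow-list policy (letters, digits, '_', '-', dot-separated).
# This is not Fluent Bit's own validation.
SAFE_TAG = re.compile(r"[A-Za-z0-9_-]+(?:\.[A-Za-z0-9_-]+)*")

def tag_problems(tag):
    """Return the reasons a record-supplied tag value is unsafe (empty list = ok)."""
    if not isinstance(tag, str) or not tag:
        return ["missing or non-string tag"]
    problems = []
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in tag):
        problems.append("control character (newline injection)")
    if "/" in tag or "\\" in tag or ".." in tag:
        problems.append("path separator or '..' (path traversal)")
    if not problems and not SAFE_TAG.fullmatch(tag):
        problems.append("characters outside allow-list")
    return problems

def escapes_base(base_dir, tag):
    """True if using the tag as a file name under base_dir resolves outside it."""
    resolved = posixpath.normpath(posixpath.join(base_dir, tag))
    return not resolved.startswith(base_dir.rstrip("/") + "/")

def audit(lines, tag_field="tag"):
    """Check NDJSON records; return (line_number, tag, problems) for rejects."""
    findings = []
    for n, line in enumerate(lines, 1):
        value = json.loads(line).get(tag_field)
        problems = tag_problems(value)
        if problems:
            findings.append((n, value, problems))
    return findings

# Constructed sample records (not taken from the advisory).
SAMPLE = [
    '{"tag": "app.web", "log": "GET /health 200"}',
    '{"tag": "../../tmp/x", "log": "hello"}',
    '{"tag": "app\\nforged: line", "log": "hello"}',
    '{"tag": "app web", "log": "hello"}',
]

if __name__ == "__main__":
    for n, tag, problems in audit(SAMPLE):
        print(n, repr(tag), problems, "escapes:", escapes_base("/var/log/flb", tag))
```

A check like this belongs in front of the exposed input (for example in a proxy or the producing application), because the tag is assigned from the record at ingestion.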
Affected Products
Elasticsearch
Fluent-Bit
Fluent Bit In Elasticsearch Input Plugin
Fluent Bit In Http Input Plugin
Fluent Bit In Splunk Input Plugin
Red Os
Splunk