Many vulnerabilities have existed for years, exposing cloud systems to ongoing risk
- Fluent Bit flaws allow attackers to manipulate logs and execute remote code
- CVE-2025-12972 permits overwriting files on disk for potential system compromise
- CVE-2025-12970 exploits a stack buffer overflow to trigger remote code execution
A widely used open source log processing tool contains critical flaws that could allow attackers to compromise cloud infrastructure, experts have warned.
Research from Oligo claims the vulnerabilities in Fluent Bit allow log manipulation, authentication bypass, and remote code execution on systems across major cloud providers, including AWS, Google Cloud, and Microsoft Azure.
Fluent Bit is deployed in billions of containers and used extensively by industries such as banking, AI, and manufacturing, making it an interesting target.
Specific flaws and risks
Exploitation of these vulnerabilities could disrupt cloud storage services, alter data, and threaten enterprise operations that depend on consistent cloud access.
The Oligo Security research team identified five vulnerabilities and, working with the project’s maintainers, published details about the bugs.
The disclosed vulnerabilities include path traversal through unsanitized tag values, stack buffer overflows, tag-matching bypasses, and failures in authentication.
CVE-2025-12972 allows attackers to overwrite arbitrary files on disk, while CVE-2025-12970 can trigger remote code execution through container naming.
CVE-2025-12978 and CVE-2025-12977 permit log rerouting, injection of misleading entries, and tampering with monitoring records.
CVE-2025-12969 disables authentication on some forwarders, letting attackers inject false telemetry or flood detection systems.
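The path traversal class named above arises when a log tag is used to build a file path without validation. The C code below is an added example, not Fluent Bit's code or its patch: it validates a tag against an allow-list and joins it to a base directory with a bounded copy. The function name `tag_to_path`, the allow-list, the base directory and the sample tags are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Fluent Bit code: build "<base_dir>/<tag>" only when
 * the tag is safe to use as one file name. Returns 0 on success, -1 when the
 * tag is rejected or the joined path does not fit in out. */
int tag_to_path(const char *base_dir, const char *tag, char *out, size_t out_len)
{
    size_t len = strlen(tag);

    if (len == 0 || len > 255)   /* empty or longer than a typical NAME_MAX */
        return -1;
    if (tag[0] == '.')           /* rejects ".", ".." and hidden files */
        return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)tag[i];
        /* Allow-list: no '/', '\\', whitespace or control bytes get through. */
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-'))
            return -1;
    }
    /* Bounded join: treat truncation as an error instead of writing a
     * shortened (and possibly different) path. */
    int n = snprintf(out, out_len, "%s/%s", base_dir, tag);
    if (n < 0 || (size_t)n >= out_len)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample tags; the base directory is a placeholder. */
    const char *tags[] = { "app.nginx", "kube-system_dns", "../outside", "a/b", "" };
    char path[128];

    for (size_t i = 0; i < sizeof tags / sizeof tags[0]; i++) {
        if (tag_to_path("/var/log/out", tags[i], path, sizeof path) == 0)
            printf("accept  %-18s -> %s\n", tags[i], path);
        else
            printf("reject  \"%s\"\n", tags[i]);
    }
    return 0;
}
```

The same truncation check applies wherever an externally supplied name, such as a container name, is copied into a fixed-size buffer.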
"We can see based on code history, the tag-handling flaw behind CVE-2025-12977 has been present for at least four years, and the Docker input buffer overflow (CVE-2025-12970) goes back roughly 6 years," Oligo Security researcher Uri Katz said.
These vulnerabilities could hinder malware removal efforts in cloud hosting environments and allow attackers to conceal traces of unauthorized activity.
AWS has acknowledged the vulnerabilities and issued Fluent Bit version 4.1.1 to secure internal systems.
Customers are advised to upgrade workloads to this latest version and use Amazon Inspector, Security Hub, and Systems Manager to detect anomalies.
Enterprises should verify logging configurations and maintain continuous monitoring.
Firewall protection and antivirus measures are recommended alongside these updates to limit exposure.
That said, widespread deployment of Fluent Bit means some residual risk may remain even after patching, and these vulnerabilities are easy to exploit.
"There are multiple vulnerabilities here with different complexity levels," noted Katz. "Some can be triggered with only a basic understanding of Fluent Bit's behavior…while others…demand more familiarity with memory corruption. Overall, the technical bar to exploit these is relatively low."
Efosa Udinmwen, Freelance Journalist
Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master's and a PhD in sciences, which provided him with a solid foundation in analytical thinking.