Fluent Bit telemetry agent: multiple vulnerabilities, including a path traversal flaw (CVE-2025-12972)

Vulnerability
Happening score: 16
1 unique source, 1 article

Summary

Fluent Bit has five newly disclosed vulnerabilities that can be chained to compromise cloud and Kubernetes infrastructure, including remote code execution, log tampering, and telemetry injection. The set includes CVE-2025-12972, a path traversal flaw, plus buffer overflow, tag spoofing, improper input validation, and missing-authentication issues. The issues were fixed in 4.1.1 and 4.0.12, and operators are being told to update quickly and harden routing and file paths. In exposed deployments, the flaws could let an attacker rewrite logs, inject false events, and expand access deeper into the environment.

Timeline

  1. 24.11.2025 17:03 · 2 articles

    Five Fluent Bit vulnerabilities disclosed

    Initial Disclosure

    Researchers disclosed five Fluent Bit vulnerabilities, including CVE-2025-12972, CVE-2025-12970, CVE-2025-12978, CVE-2025-12977, and CVE-2025-12969, that can enable authentication bypass, path traversal, remote code execution, denial of service, log tampering, and telemetry injection against cloud and Kubernetes deployments. CERT/CC said many of the flaws require network access to a Fluent Bit instance, and AWS urged operators to update to versions 4.1.1 and 4.0.12 and harden tag routing, output paths, read-only configuration mounts, and non-root execution.
