Strix
26.1K

CVE-2025-12977

CRITICALCVSS 9.1/10EPSS 0.63%

Last modified

CVE-2025-12977 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. EPSS estimates a 0.63% chance of exploitation in the next 30 days.

Description

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing.

Metrics

CVSS 3.1
9.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Probability
0.63%

45.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
TreasuredataFluent Bit4.1.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2025-12977?
Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing.
How severe is CVE-2025-12977?
CVE-2025-12977 has a CVSS score of 9.1/10 (CRITICAL severity). The EPSS model estimates a 0.63% probability of exploitation in the next 30 days.
How do I fix CVE-2025-12977?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-12977?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST