File writes, container overflow, and full agent takeover: Oligo also disclosed a chain of remote code execution (RCE) and path traversal vulnerabilities affecting the tool.

CVE-2025-12972 targets the out_file output plugin. When Tag values are user-controlled and no fixed File parameter is set, the plugin derives the output file name from the Tag, so an attacker can supply a Tag containing path-traversal sequences (e.g., "../") to write or overwrite files outside the intended output directory, ultimately letting them plant malicious files or gain RCE.

"Our research found that some of these vulnerabilities, such as CVE-2025-12972, have left cloud environments vulnerable for over 8 years," Katz noted.

In the Docker input plugin (in_docker), CVE-2025-12970 is a stack buffer overflow. If an attacker names a container with an excessively long name, the overflow lets them crash the agent or execute code. Oligo warned that the flaw allows attackers to seize the logging agent, hide their activity, plant backdoors, and pivot further into the system.

Fluent Bit is a Cloud Native Computing Foundation (CNCF) graduated open-source project, initially created by Eduardo Silva, who remains its most frequent contributor, and is now sponsored and maintained by major cloud providers.
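The out_file issue above comes down to a tag-derived file name that is never checked against the directory it is supposed to stay in. The following is an added example, not code from the article or from the Fluent Bit project: it builds base + "/" + tag, normalises the result lexically ("." dropped, ".." pops a segment) and refuses any tag that climbs above the configured base. The function names, return codes, the sample base directory and the tags are assumptions chosen for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not Fluent Bit's code): containing a tag-derived output
 * file name under a configured base directory, the weakness class behind
 * CVE-2025-12972. Function names, return codes and the sample paths are
 * assumptions chosen for the demo. */

#define PATH_OK        0
#define PATH_ESCAPES  -1   /* tag climbs above the base directory */
#define PATH_TOO_LONG -2   /* result would not fit in the caller's buffer */
#define PATH_INVALID  -3   /* base not absolute, or tag names no file */

/* Append "/seg" to buf, refusing to overflow buflen. */
static int push_segment(char *buf, size_t buflen, const char *seg, size_t seglen)
{
    size_t cur = strlen(buf);
    if (cur + 1 + seglen + 1 > buflen)
        return PATH_TOO_LONG;
    buf[cur] = '/';
    memcpy(buf + cur + 1, seg, seglen);
    buf[cur + 1 + seglen] = '\0';
    return PATH_OK;
}

/* Apply the segments of p to buf lexically: "." is dropped, ".." pops the
 * last segment. Popping below floor_len (the end of the base directory)
 * means the path escaped. */
static int apply_segments(char *buf, size_t buflen, const char *p, size_t floor_len)
{
    while (*p) {
        while (*p == '/')
            p++;
        if (!*p)
            break;
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);

        if (len == 1 && p[0] == '.') {
            /* current directory: no change */
        } else if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (strlen(buf) <= floor_len)
                return PATH_ESCAPES;
            *strrchr(buf, '/') = '\0';  /* buf is non-empty here and starts with '/' */
        } else {
            int rc = push_segment(buf, buflen, p, len);
            if (rc != PATH_OK)
                return rc;
        }
        p += len;
    }
    return PATH_OK;
}

/* Build base + "/" + tag into out and verify the result stays inside base.
 * Purely lexical: it does not follow symlinks, so a realpath() check once
 * the directory exists is still advisable where symlinks are possible. */
int build_output_path(const char *base, const char *tag, char *out, size_t outlen)
{
    if (outlen == 0 || base[0] != '/')
        return PATH_INVALID;
    out[0] = '\0';
    int rc = apply_segments(out, outlen, base, 0);
    if (rc != PATH_OK)
        return rc;
    size_t floor_len = strlen(out);
    rc = apply_segments(out, outlen, tag, floor_len);
    if (rc != PATH_OK)
        return rc;
    if (strlen(out) == floor_len)
        return PATH_INVALID;      /* tag resolved to the directory itself */
    return PATH_OK;
}

/* Convenience check: does base + tag resolve exactly to expected? */
int resolves_to(const char *base, const char *tag, const char *expected)
{
    char out[256];
    return build_output_path(base, tag, out, sizeof out) == PATH_OK
        && strcmp(out, expected) == 0;
}

int main(void)
{
    /* Constructed tags: the last one mirrors the "../" abuse described above. */
    const char *tags[] = { "app.log", "sub/../app.log", "../../etc/cron.d/evil" };
    char out[256];
    for (size_t i = 0; i < sizeof tags / sizeof tags[0]; i++) {
        int rc = build_output_path("/var/log/fluent-bit", tags[i], out, sizeof out);
        printf("%-24s -> %s\n", tags[i], rc == PATH_OK ? out : "REJECTED");
    }
    return 0;
}
```

The configuration-level fix is simpler still: setting a fixed File in the out_file [OUTPUT] section means the Tag never becomes part of a file name at all, which is the mitigation the article's description implies.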
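The in_docker issue above is the classic shape of a stack buffer overflow: a container name of attacker-chosen length copied into a fixed-size local buffer. The following is an added example, not code from the article or from the Fluent Bit project: it shows the unbounded pattern beside a bounded, fail-closed replacement that whitelists the character set and rejects over-long names instead of truncating them. The 64-byte buffer, the function names and the sample names are assumptions chosen for the demonstration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example (not Fluent Bit's code): bounded, fail-closed handling of a
 * container name read from an untrusted source, the weakness class behind
 * CVE-2025-12970. The 64-byte buffer, the function names and the sample
 * names are assumptions chosen for the demo. */

#define NAME_BUF 64

/* Vulnerable pattern: unbounded copy into a fixed-size stack buffer. A name
 * longer than NAME_BUF - 1 bytes runs past `name` into the rest of the
 * frame. Shown for contrast only; main() never feeds it untrusted input. */
static void record_name_unsafe(const char *untrusted)
{
    char name[NAME_BUF];
    strcpy(name, untrusted);            /* no length check */
    printf("container: %s\n", name);
}

/* Hardened pattern: never read or write past the bounds, whitelist the
 * character set (alphanumerics plus '_', '.', '-', optionally preceded by
 * the '/' the Docker API prefixes to names) and reject rather than silently
 * truncate, since a truncated name could alias another container's logs.
 * Returns 0 on success, -1 on rejection; dst is untouched on rejection. */
int copy_container_name(char *dst, size_t dstlen, const char *untrusted)
{
    size_t n = 0;
    while (n < dstlen && untrusted[n] != '\0')   /* bounded scan */
        n++;
    if (n == 0 || n >= dstlen)
        return -1;                              /* empty, or no room for NUL */

    size_t start = (untrusted[0] == '/') ? 1 : 0;
    if (!isalnum((unsigned char)untrusted[start]))
        return -1;                              /* also rejects a bare "/" */
    for (size_t i = start + 1; i < n; i++) {
        unsigned char c = (unsigned char)untrusted[i];
        if (!isalnum(c) && c != '_' && c != '.' && c != '-')
            return -1;
    }
    memcpy(dst, untrusted, n + 1);
    return 0;
}

int main(void)
{
    char name[NAME_BUF];
    char oversized[200];
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';   /* constructed 199-byte name */

    record_name_unsafe("web-1");                 /* short input: no harm */
    printf("web-1     -> %s\n", copy_container_name(name, sizeof name, "web-1") == 0 ? name : "REJECTED");
    printf("199 x 'A' -> %s\n", copy_container_name(name, sizeof name, oversized) == 0 ? name : "REJECTED");
    printf("../x      -> %s\n", copy_container_name(name, sizeof name, "../x") == 0 ? name : "REJECTED");
    return 0;
}
```

Rejecting rather than truncating matters in a log shipper: an agent that quietly cut a 199-byte name down to 63 bytes would still be memory-safe but could file one container's logs under another's name.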
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4095860/fluent-bit-vulnerabilities-could-enable-full-cloud-takeover.html

