Description

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed access to these input endpoints can exploit this behavior to manipulate tags and redirect records to unintended destinations. This compromises the authenticity of ingested logs and can allow injection of forged data, alert flooding and routing manipulation.

INFO

Published Date :

2025-11-24T14:42:06.305Z

Last Modified :

2026-01-07T15:36:44.975Z

Source :

certcc
AFFECTED PRODUCTS

The following products are affected by CVE-2025-12978 vulnerability.

Vendors Products
Fluentbit
  • Fluent Bit
Treasuredata
  • Fluent Bit
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-12978.

URL Resource
https://fluentbit.io/announcements/v4.1.0/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact