AZL-71108

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71108.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-71108

Upstream

CVE-2025-12969

Published

2025-11-24T15:15:46Z

Modified

2026-04-21T04:36:31.886858Z

Summary

CVE-2025-12969 affecting package fluent-bit for versions less than 3.1.10-4

Details

Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-12969

Affected packages

Azure Linux:3 / fluent-bit

Package

Name: fluent-bit
Purl: pkg:rpm/azure-linux/fluent-bit

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.10-4

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-71108.json"