Oligo Report Exposes High-Impact Exploits In Core Open Source Logging

Open Source Security Risks Exposed By Oligo Report As Fluent Bit Vulnerabilities Force AWS To Intervene Globally

Oligo Cyber Security has uncovered five critical flaws in the widely deployed open source logging agent Fluent Bit, forcing AWS to step in as cloud workloads face remote takeover threats.

Oligo Cyber Security Ltd. has discovered a chain of five critical vulnerabilities in the open source logging agent Fluent Bit, exposing cloud environments worldwide to the risk of full remote compromise. Fluent Bit, downloaded more than 15 billion times and deployed across cloud platforms, Kubernetes clusters, enterprise services and artificial intelligence environments, sits directly on log ingestion pipelines, handling untrusted data from containers, files and network endpoints.

The flaws enable attackers to bypass authentication, perform path traversal, overwrite files, hijack routing logic and trigger stack buffer overflows. The most severe issue, CVE-2025-12972, stems from unsanitised tags being used directly to build output filenames: a tag containing “../” sequences steers the write outside the intended directory, enabling arbitrary file write and potential remote code execution. Additional pathways include forging tags by guessing a single character, injecting escape characters into downstream logs, and exploiting long Docker container names to crash the agent or run code.
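To make the tag-to-filename problem concrete, here is an added illustration (not Fluent Bit's code and not from the Oligo report) of the general pattern: an output plugin that joins an attacker-controlled tag onto its output directory, shown next to a hardened builder that allow-lists the tag and verifies the normalised path stays under the base directory. The base directory, the allow-list pattern and the sample tags are assumptions constructed for the example; they also cover the escape-character injection case, since control characters are rejected by the same check.

```python
import os
import re

# Assumed output directory for the example; any absolute path works.
BASE_DIR = "/var/log/fluent-out"

# Assumed allow-list: a tag must be a single path component made of
# letters, digits, dot, underscore or dash, and must not start with a dot
# (which also rules out "." and ".."). Newlines, ANSI escapes (\x1b) and
# slashes all fail this check.
TAG_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9._-]*")


def vulnerable_output_path(base_dir: str, tag: str) -> str:
    """The flawed pattern: the untrusted tag becomes the filename verbatim.

    A tag such as "../../../etc/cron.d/evil" is joined onto the base
    directory and escapes it once the kernel resolves the path.
    """
    return os.path.join(base_dir, tag)


def hardened_output_path(base_dir: str, tag: str) -> str:
    """Reject anything that is not a single safe component, then confirm
    the normalised result is a direct child of base_dir."""
    if not TAG_RE.fullmatch(tag):
        raise ValueError(f"rejected tag: {tag!r}")
    base = os.path.abspath(base_dir)
    candidate = os.path.normpath(os.path.join(base, tag))
    # Belt and braces: even after the allow-list, insist the file sits
    # directly under base (no traversal, no nested directories).
    if os.path.dirname(candidate) != base:
        raise ValueError(f"tag escapes output directory: {tag!r}")
    return candidate


def escapes_base(base_dir: str, path: str) -> bool:
    """True if the normalised path is not contained in base_dir."""
    base = os.path.abspath(base_dir)
    return os.path.commonpath([base, os.path.normpath(path)]) != base


def tag_is_accepted(base_dir: str, tag: str) -> bool:
    """Convenience wrapper: does the hardened builder accept this tag?"""
    try:
        hardened_output_path(base_dir, tag)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample tags: one benign, one traversal, two with control
    # characters that would corrupt or colour downstream log lines.
    samples = [
        "app.access",
        "../../../etc/cron.d/evil",
        "ok\x1b[31mred",
        "line\ninjected",
    ]
    for tag in samples:
        weak = vulnerable_output_path(BASE_DIR, tag)
        print(f"{tag!r:32} vulnerable -> {weak!r} escapes={escapes_base(BASE_DIR, weak)}"
              f" hardened_accepts={tag_is_accepted(BASE_DIR, tag)}")
```

The allow-list is deliberately stricter than a blanket ban on "../": a single denied substring is easy to miss on other platforms or after normalisation, whereas an allow-list plus a post-normalisation parent check fails closed. The same check rejects newline and escape sequences, which is the cheapest defence against log injection into whatever consumes the agent's output.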

Some of the affected code has been present for more than eight years, raising significant concerns about invisible weaknesses in critical open source infrastructure. Disclosure was coordinated with Amazon Web Services Inc., which has secured its internal systems and released Fluent Bit version 4.1.1 while urging customers to update immediately. AWS also recommends Amazon Inspector, AWS Security Hub and AWS Systems Manager to detect and fix exposure.

Oligo highlighted systemic weaknesses in open-source security: “Despite multiple responsible disclosure attempts through official channels, it took more than a week and the involvement of a major cloud provider before the vulnerabilities received sustained attention and remediation.”

It added: “The security reporting and CVE assignment process for critical open-source infrastructure is still fragmented and fragile, and collaboration between maintainers, cloud providers and security researchers is essential to keep the global software supply chain secure.”
