Overview

CVE-2025-12977 identifies a vulnerability affecting the in_http, in_splunk, and in_elasticsearch input plugins in Fluent Bit. The issue stems from a failure to properly sanitize tag_key inputs. This allows an attacker with network access or the ability to write records into Splunk or Elasticsearch to inject malicious tag_key values. These malicious values, containing special characters like newlines or path traversal sequences (../), are then treated as valid tags, leading to a variety of security concerns.

Technical Details

The vulnerability resides in how Fluent Bit handles the tag_key parameter within the affected input plugins. This parameter is intended to specify a…
Overview

A critical vulnerability, identified as CVE-2025-12972, has been discovered in the out_file plugin of Fluent Bit. This flaw allows attackers with network access to potentially write files to arbitrary locations on the system running Fluent Bit, leading to significant security risks. This is achieved by crafting specific tag values containing path traversal sequences, which are then used by Fluent Bit when the File option is omitted in the plugin configuration.

Technical Details

The vulnerability stems from insufficient sanitization of tag values within the out_file plugin when the File option is not explicitly defined in the configuration. In this scenario,…
Overview

A significant security vulnerability, identified as CVE-2025-12970, has been discovered in the in_docker input plugin of Fluent Bit. This vulnerability stems from a buffer overflow in the extract_name function, potentially allowing attackers to cause a denial-of-service (DoS) or, in more severe scenarios, achieve arbitrary code execution.

Technical Details

The extract_name function within the in_docker input plugin is responsible for extracting container names. However, the function copies these names into a fixed-size stack buffer without proper length validation. An attacker who can influence container names (e.g., by creating containers or controlling existing container names) can exploit this by providing an…
Overview

A critical security vulnerability, identified as CVE-2025-12969, has been discovered in the in_forward input plugin of Fluent Bit. This vulnerability allows remote attackers with network access to the Fluent Bit instance to send unauthenticated data, potentially leading to severe consequences. This bypass occurs due to improper enforcement of the security.users authentication mechanism under specific, vulnerable configuration settings.

Technical Details

The vulnerability stems from an inadequate validation process within the in_forward plugin. Under certain configuration circumstances, the authentication mechanism defined by security.users can be circumvented. This allows attackers to bypass intended security controls and inject arbitrary data directly into the…
Overview

CVE-2025-11921 is a security vulnerability affecting iStats, a popular system monitoring application for macOS. Specifically, versions 7.10.4 and earlier are susceptible to a local privilege escalation (LPE) attack. The vulnerability stems from an insecure XPC service within iStats that allows unprivileged users to execute arbitrary commands with root privileges. This can lead to complete system compromise.

Technical Details

The vulnerability lies within the XPC service used by iStats. This service, intended for inter-process communication, is improperly configured, allowing local users to send malicious commands. An attacker can craft specific requests that exploit this flaw, injecting arbitrary commands that are…
Overview

CVE-2025-65998 details a significant security vulnerability in Apache Syncope, an open-source identity management system. If configured to encrypt user passwords in the internal database using AES, the system utilizes a hardcoded, default key value. This flaw allows a malicious attacker, who has gained access to the internal database content, to decrypt user passwords, potentially leading to unauthorized access and data breaches.

Technical Details

Apache Syncope offers the option to encrypt user passwords with AES within its internal database. However, when enabled, the system employs a default, hardcoded key that is publicly accessible within the source code. This means that…
Overview

CVE-2025-65503 describes a use-after-free vulnerability discovered in Redboltz async_mqtt version 10.2.5. This vulnerability can be exploited by local users to trigger a denial-of-service (DoS) condition. The root cause lies in the improper destruction order of objects during error handling, specifically when SSL initialization fails.

Technical Details

The vulnerability stems from an incorrect destruction order between the io_context and endpoint objects within the Redboltz async_mqtt library. Specifically, if the SSL initialization process encounters a failure, the destruction order may not be properly synchronized. This leads to a situation where the io_context might be destroyed before the endpoint object, resulting in…
Overview

CVE-2025-65502 describes a denial-of-service (DoS) vulnerability affecting Cesanta Mongoose versions prior to 7.2. This vulnerability arises from a NULL pointer dereference within the `add_ca_certs()` function during TLS initialization. Specifically, if the `SSL_CTX_get_cert_store()` function returns NULL, a subsequent dereference of this NULL pointer leads to a crash, effectively halting the Mongoose server.

Technical Details

The vulnerability resides within the `add_ca_certs()` function in the Mongoose library. During TLS initialization, this function attempts to retrieve the certificate store using `SSL_CTX_get_cert_store()`. If this function returns NULL, the code proceeds to dereference this NULL pointer without proper error handling. This dereference then causes a…
Overview

CVE-2025-65501 identifies a null pointer dereference vulnerability present in OISM's libcoap version 4.3.5. This flaw can be triggered during a DTLS handshake process when the SSL_get_app_data() function returns a NULL value. Successful exploitation of this vulnerability could lead to a denial-of-service (DoS) condition, potentially disrupting services relying on the affected libcoap library.

Technical Details

The vulnerability resides within the coap_dtls_info_callback() function in libcoap. This function is invoked as part of the DTLS handshake procedure. The issue arises when the SSL_get_app_data() function, which aims to retrieve application-specific data associated with the SSL connection, returns a NULL pointer. The coap_dtls_info_callback() function…
Overview

CVE-2025-65500 describes a NULL pointer dereference vulnerability found in the coap_dtls_generate_cookie() function within src/coap_openssl.c of OISM libcoap version 4.3.5. This flaw allows a remote attacker to trigger a denial-of-service (DoS) condition by sending a specially crafted DTLS handshake. Specifically, the vulnerability occurs because the SSL_get_SSL_CTX() function can return NULL under certain conditions, which is then dereferenced, leading to the crash.

Technical Details

The vulnerability lies in the way libcoap handles DTLS handshake processes. During the generation of a cookie for the DTLS handshake, the coap_dtls_generate_cookie() function attempts to retrieve the SSL_CTX object using SSL_get_SSL_CTX(). If this function returns NULL…