These worrying security flaws could put every major cloud provider at risk - here's what we know so far

• Fluent Bit flaws allow attackers to manipulate logs and execute remote code
• CVE-2025-12972 permits overwriting files on disk for potential system compromise
• CVE-2025-12970 exploits a stack buffer overflow to trigger remote code execution

A widely used open source log processing tool contains critical flaws that could allow attackers to compromise cloud infrastructure, experts have warned.

Research from Oligo claims the vulnerabilities in Fluent Bit allow manipulation of logs, bypassing authentication, and the execution of remote code on systems across major cloud providers, including AWS, Google Cloud, and Microsoft Azure.

Fluent Bit is deployed in billions of containers and used extensively by industries such as banking, AI, and manufacturing, making it an interesting target.