CVE-2025-45311 Command Execution / Privilege Escalation in Fail2Ban 0.11.2

Product: Fail2Ban
Version(s) Affected: 0.11.2
Vendor: Fail2Ban Project
CVE ID: CVE-2025-45311

Description

Fail2Ban 0.11.2 has a vulnerability that allows an attacker to influence logged input. Because variables passed from matched log entries into action scripts are not adequately sanitized, an attacker who controls that input can use it for privilege escalation.

Impact

If exploited, an attacker can:
- Execute commands as the Fail2Ban runtime user (typically root)
- Escalate privileges from a low-level service to full system control
- Modify Fail2Ban rules, leading to bans being bypassed or manipulated
- Fully compromise the underlying host, depending on the environment

Affected Configuration Conditions

The vulnerability is exploitable when:
- The attacker can generate log entries processed by a Fail2Ban filter (e.g., SSH, web services)
- Fail2Ban is set up with an action that uses unsanitized variables in shell commands
- The target system runs Fail2Ban 0.11.2 with default or custom shell-template-dependent actions

Steps to Reproduce

1. Set up Fail2Ban 0.11.2 with a jail (e.g., sshd) that uses a shell-command-dependent action.
2. Generate controlled log entries that match the filter criteria.
3. Insert crafted characters into the input that ends up in the log.
4. Fail2Ban processes the log and passes components of the entry to the action script, leading to unintended command execution.

References

CVE Request: CVE-2025-45311
Fail2Ban Project: https://www.fail2ban.org

Discovery

Discovered: 26.09.2025
Reporter: Raed Ahsan
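The mitigation the advisory implies, substituting log-derived values into an action template only after validating them and shell-quoting them, shown as an added example. This is illustrative code written for this page, not Fail2Ban's own action-substitution code; the <tag> template syntax is modelled on Fail2Ban's action files, but the template, the tag names (<ip>, <name>) and the validators are assumptions chosen for the example.

```python
import ipaddress
import re
import shlex

# Constructed action template in Fail2Ban's <tag> style (assumption: not the
# project's own action definition).
ACTION_TEMPLATE = "iptables -I f2b-<name> -s <ip> -j DROP"

TAG_RE = re.compile(r"<([A-Za-z_][A-Za-z0-9_]*)>")
NAME_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def validate_ip(value: str) -> str:
    """Accept only a syntactically valid IPv4/IPv6 literal; ValueError otherwise."""
    ipaddress.ip_address(value)
    return value


def validate_name(value: str) -> str:
    """Jail names may only contain letters, digits, '_' and '-'."""
    if not NAME_RE.match(value):
        raise ValueError(f"invalid jail name: {value!r}")
    return value


# Per-tag allow-list validators (assumption: which tags exist and their formats).
VALIDATORS = {"ip": validate_ip, "name": validate_name}


def render_action(template: str, tags: dict) -> str:
    """Substitute <tag> placeholders, validating known tags and shell-quoting every value.

    A value that fails its validator is rejected before it reaches the command line;
    every substituted value is quoted so shell metacharacters stay inside one argument.
    """
    def substitute(match: re.Match) -> str:
        tag = match.group(1)
        if tag not in tags:
            raise KeyError(f"no value supplied for tag <{tag}>")
        value = str(tags[tag])
        if tag in VALIDATORS:
            value = VALIDATORS[tag](value)
        return shlex.quote(value)

    return TAG_RE.sub(substitute, template)


def render_argv(template: str, tags: dict) -> list:
    """Render and split into an argv list so the action can run without a shell."""
    return shlex.split(render_action(template, tags))


if __name__ == "__main__":
    # Constructed sample values: a benign ban and a log-derived value that is not an IP.
    print(render_argv(ACTION_TEMPLATE, {"name": "sshd", "ip": "203.0.113.7"}))
    try:
        render_action(ACTION_TEMPLATE, {"name": "sshd", "ip": "203.0.113.7; extra"})
    except ValueError as exc:
        print("rejected:", exc)
```

Validation and quoting are deliberately both applied: the allow-list stops a value that is not of the expected shape, and quoting limits the damage of any tag that has no validator. Running the rendered command as an argv list rather than through a shell removes the interpretation step altogether.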