Elevated Privileges Vulnerability in Chef InSpec by Chef Software
CVE-2025-6723

5.8MEDIUM

Key Information:

Vendor: Progress Software
Status: Chef Inspec
Vendor: CVE Published:; 30 January 2026

🔔 Create Progress Software Vulnerability Alert

What is CVE-2025-6723?

Chef InSpec, up to version 5.23, is susceptible to a security vulnerability stemming from the creation of named pipes with excessively permissive default Windows access controls. A local attacker can exploit this weakness to interfere with the pipe connection process, ultimately gaining access to the InSpec execution context. This exploitation could potentially lead to unauthorized elevation of privileges or disruption of operational functionality, posing significant risks to system integrity and security.

Affected Version(s)

Chef Inspec Windows 0

References

https://docs.chef.io/inspec/

CVSS V4

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 30, 2026
Vulnerability Reserved
Jun 26, 2025

Credit

Yuval Gordon, Akamai

Maayan Shaul, Microsoft

CVE-2025-6723 Data

JSON