Elevated Privileges Vulnerability in Chef InSpec by Chef Software
CVE-2025-6723

5.8MEDIUM

Key Information:

Vendor: Progress Software
Status: Chef Inspec
Vendor: CVE Published:; 30 January 2026

🔔 Create Progress Software Vulnerability Alert

What is CVE-2025-6723?

Chef InSpec, up to version 5.23, is susceptible to a security vulnerability stemming from the creation of named pipes with excessively permissive default Windows access controls. A local attacker can exploit this weakness to interfere with the pipe connection process, ultimately gaining access to the InSpec execution context. This exploitation could potentially lead to unauthorized elevation of privileges or disruption of operational functionality, posing significant risks to system integrity and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Chef Inspec Windows 0

References

https://docs.chef.io/inspec/

CVSS V4

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jan 30, 2026
Vulnerability Reserved
Jun 26, 2025

Credit

Yuval Gordon, Akamai

Maayan Shaul, Microsoft

JSON

Progress Software