SQL Injection Vulnerability in Chef Automate by Progress
CVE-2025-6724

8.8HIGH

Key Information:

Vendor: Progress Software
Status: Chef Automate
Vendor: CVE Published:; 29 September 2025

🔔 Create Progress Software Vulnerability Alert

What is CVE-2025-6724?

In Progress Chef Automate prior to version 4.13.295, an SQL injection vulnerability exists that allows an authenticated attacker to exploit improperly neutralized inputs. This flaw provides access to restricted functionalities across multiple services, undermining the application's security by potentially exposing sensitive data and operational controls.

Affected Version(s)

Chef Automate Linux 0

References

https://docs.chef.io/release_notes_automate/#4.13.295

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 29, 2025
Vulnerability Reserved
Jun 26, 2025

JSON