Untrusted user data can lead to privilege escalation_CVE-2025-6723

5.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N

Description

Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution context, potentially resulting in elevated privileges or operational disruption.

This issue affects Chef Inspec: through 5.23.

Basic Information

ID CVE-2025-6723

Source ProgressSoftware

Published Jan 30, 2026 at 14:09

Affected Product

Vendor Progress Software

Product Chef Inspec

Affected Versions Progress Software Chef Inspec 0

CWE Classification

CWE-269 CWE-287

References

docs.chef.io /inspec/

{
    "lastseen": "",
    "description": "Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution context, potentially resulting in elevated privileges or operational disruption.\n\nThis issue affects Chef Inspec: through 5.23.",
    "published": "2026-01-30T14:09:41.182Z",
    "modified": "2026-01-30T14:09:41.182Z",
    "type": "cve",
    "title": "Untrusted user data can lead to privilege escalation",
    "source": "ProgressSoftware",
    "references": "https://docs.chef.io/inspec/",
    "id": "CVE-2025-6723",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269",
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "Progress Software Chef Inspec 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Chef Inspec",
    "version": "0",
    "vendor": "Progress Software",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}