CVE-2025-6723

UNKNOWN 0.0

Untrusted user data can lead to privilege escalation

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Chef InSpec versions up to 5.23 and before 7.0.107 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution context, potentially resulting in elevated privileges or operational disruption. This issue affects Chef Inspec: through 5.23 and before 7.0.107

CWE	CWE-269 CWE-287
Vendor	progress software
Product	chef inspec
Published	Jan 30, 2026
Last Updated	Mar 11, 2026

Stay Ahead of the Next One

Get instant alerts for progress software chef inspec

Be the first to know when new unknown vulnerabilities affecting progress software chef inspec are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Progress Software / Chef Inspec

0 ≤ <=5.23, <7.0.107

References

NVD ↗ CVE.org ↗ EPSS Data ↗

docs.chef.io: https://docs.chef.io/inspec/

Credits

🔍 Yuval Gordon, Akamai 🔍 Maayan Shaul, Microsoft