Description
Chef InSpec versions up to 5.23 and before 7.0.107 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution context, potentially resulting in elevated privileges or operational disruption. This issue affects Chef Inspec: through 5.23 and before 7.0.107
INFO
Published Date :
2026-01-30T14:09:41.182Z
Last Modified :
2026-03-11T14:30:44.870Z
Source :
ProgressSoftware
AFFECTED PRODUCTS
The following products are affected by CVE-2025-6723 vulnerability.
| Vendors | Products |
|---|---|
| Chef |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2025-6723.
| URL | Resource |
|---|---|
| https://docs.chef.io/inspec/ |
|
CVSS Vulnerability Scoring System
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability