PT-2026-5397 · Chef · Chef InSpec
Published 2026-01-30 · Updated 2026-03-11 · CVE-2025-6723
CVSS v4.0: 5.8 (Medium)
Vector: AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
Chef InSpec versions through 5.23
Description
Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution context, potentially resulting in elevated privileges or operational disruption.
Recommendations
Update Chef InSpec to a version later than 5.23.
Fix
LPE
Improper Privilege Management
Improper Authentication
Related Identifiers
Affected Products
Chef InSpec