CVE-2025-6723 – Chef InSpec versions up to 5.23 create Windows ... (How to Fix)

Q: What is the severity of CVE-2025-6723?

CVE-2025-6723 has a CVSS score of N/A (Unknown). Chef InSpec versions up to 5.23 create Windows named pipes with overly permissive access controls, allowing local attackers to hijack pipe connections. This could enable privilege escalation or disruption of InSpec operations. Only affects Windows systems running vulnerable InSpec versions.

📋 TL;DR

Chef InSpec versions up to 5.23 create Windows named pipes with overly permissive access controls, allowing local attackers to hijack pipe connections. This could enable privilege escalation or disruption of InSpec operations. Only affects Windows systems running vulnerable InSpec versions.

💻 Affected Systems

Products:

Chef InSpec

Versions: through 5.23

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects Windows installations. Linux/macOS systems are not vulnerable.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local attacker gains elevated privileges equal to InSpec's execution context, potentially achieving full system compromise.

🟠

Likely Case

Local attacker disrupts InSpec operations or gains limited privilege escalation within the InSpec context.

🟢

If Mitigated

Attack fails due to proper access controls or attacker lacks local access to vulnerable system.

🌐 Internet-Facing: LOW - Requires local access to the system, not remotely exploitable.

🏢 Internal Only: MEDIUM - Local attackers on Windows systems with InSpec could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and knowledge of named pipe manipulation on Windows.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.24 or later

Vendor Advisory: https://docs.chef.io/inspec/

Restart Required: No

Instructions:

1. Update Chef InSpec to version 5.24 or later. 2. Run 'inspec --version' to confirm update. 3. No system restart required.

🔧 Temporary Workarounds

Restrict local user access

windows

Limit local user accounts on Windows systems running InSpec to reduce attack surface.

Monitor named pipe creation

windows

Implement monitoring for suspicious named pipe creation or access attempts.

🧯 If You Can't Patch

Restrict local user access to Windows systems running vulnerable InSpec versions.
Implement strict access controls and monitoring for named pipe operations.

🔍 How to Verify

Check if Vulnerable:

Run 'inspec --version' and check if version is 5.23 or earlier on Windows systems.

Check Version:

inspec --version

Verify Fix Applied:

Run 'inspec --version' and confirm version is 5.24 or later.

📡 Detection & Monitoring

Log Indicators:

Unusual named pipe creation events in Windows Event Logs
Failed or suspicious InSpec execution attempts

Network Indicators:

Local inter-process communication anomalies

SIEM Query:

EventID=17 OR EventID=18 (Pipe creation/connection) AND ProcessName contains 'inspec'

📊 Metadata

CVE ID: CVE-2025-6723

CVSS v3 Score: N/A (Unknown)

CWE: CWE-269

EPSS Score: 0.01% exploit probability (2.2th percentile)

Published: January 30, 2026

Last Updated: February 4, 2026

🔗 References

https://docs.chef.io/inspec/

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-6723, you might also want to check these: