Unrated severityNVD Advisory· Published Sep 29, 2025· Updated Sep 29, 2025

Chef Automate SQL Injection Vulnerability

CVE-2025-6724

Description

In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via improperly neutralized inputs used in an SQL command.

Affected products

Progress (organisation)/Chef Automatellm-create
Range: <4.13.295
Progress Software/Chef Automatev5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.chef.io/release_notes_automate/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000