Unrated severityNVD Advisory· Published Sep 29, 2025· Updated Sep 29, 2025

Chef Automate compliance service SQL Injection Vulnerability

CVE-2025-8868

Description

In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via

improperly neutralized inputs used in an SQL command using a well-known token.

Affected products

Progress (organisation)/Chef Automatellm-fuzzy
Range: <4.13.295
Progress Software/Chef Automatev5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

docs.chef.io/release_notes_automate/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.017
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000