{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8868", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "state": "PUBLISHED", "assignerShortName": "ProgressSoftware", "dateReserved": "2025-08-11T14:53:51.880Z", "datePublished": "2025-09-29T11:29:50.463Z", "dateUpdated": "2025-09-29T12:55:02.884Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/chef/automate", "defaultStatus": "unaffected", "modules": ["API-Token", "compliance-service"], "packageName": "compliance service", "platforms": ["Linux", "x86", "64 bit"], "product": "Chef Automate", "repo": "https://github.com/chef/automate", "vendor": "Progress Software", "versions": [{"lessThan": "4.13.295", "status": "affected", "version": "0", "versionType": "Customer on-premises deployed product and hosted services"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "This vulnerability was discovered by XBOW."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via \n\nimproperly neutralized inputs used in an SQL command using a well-known token.</span>"}], "value": "In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via \n\nimproperly neutralized inputs used in an SQL command using a well-known token."}], "impacts": [{"capecId": "CAPEC-633", "descriptions": [{"lang": "en", "value": "CAPEC-633 Token Impersonation"}]}, {"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}, {"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2025-09-29T11:29:50.463Z"}, "references": [{"url": "https://docs.chef.io/release_notes_automate/#4.13.295"}], "source": {"discovery": "EXTERNAL"}, "title": "Chef Automate compliance service SQL Injection Vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-29T12:54:55.426558Z", "id": "CVE-2025-8868", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-29T12:55:02.884Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8868", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-29T12:54:55.426558Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-29T12:54:58.851Z"}}], "cna": {"title": "Chef Automate compliance service SQL Injection Vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "This vulnerability was discovered by XBOW."}], "impacts": [{"capecId": "CAPEC-633", "descriptions": [{"lang": "en", "value": "CAPEC-633 Token Impersonation"}]}, {"capecId": "CAPEC-37", "descriptions": [{"lang": "en", "value": "CAPEC-37 Retrieve Embedded Sensitive Data"}]}, {"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/chef/automate", "vendor": "Progress Software", "modules": ["API-Token", "compliance-service"], "product": "Chef Automate", "versions": [{"status": "affected", "version": "0", "lessThan": "4.13.295", "versionType": "Customer on-premises deployed product and hosted services"}], "platforms": ["Linux", "x86", "64 bit"], "packageName": "compliance service", "collectionURL": "https://github.com/chef/automate", "defaultStatus": "unaffected"}], "references": [{"url": "https://docs.chef.io/release_notes_automate/#4.13.295"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via \n\nimproperly neutralized inputs used in an SQL command using a well-known token.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via \n\nimproperly neutralized inputs used in an SQL command using a well-known token.</span>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "shortName": "ProgressSoftware", "dateUpdated": "2025-09-29T11:29:50.463Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8868", "state": "PUBLISHED", "dateUpdated": "2025-09-29T12:55:02.884Z", "dateReserved": "2025-08-11T14:53:51.880Z", "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05", "datePublished": "2025-09-29T11:29:50.463Z", "assignerShortName": "ProgressSoftware"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chef:automate:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0808A5D-2AB3-4BA9-980F-257510F81F64", "versionEndExcluding": "4.13.295", "vulnerable": true}, {"criteria": "cpe:2.3:a:chef:automate:*:*:*:*:*:*:*:*", "matchCriteriaId": "D98232AE-823F-4030-AB0E-AFF82839F5BA", "versionEndIncluding": "20220329091442", "versionStartIncluding": "20180319150121", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via \n\nimproperly neutralized inputs used in an SQL command using a well-known token."}], "id": "CVE-2025-8868", "lastModified": "2025-10-16T17:14:27.610", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@progress.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-09-29T12:15:49.230", "references": [{"source": "security@progress.com", "tags": ["Patch"], "url": "https://docs.chef.io/release_notes_automate/#4.13.295"}], "sourceIdentifier": "security@progress.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}, {"lang": "en", "value": "CWE-200"}], "source": "security@progress.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}