Mindbreeze InSpire Vulnerabilities

This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. Information about the affected components, severity level, current status and how to prevent the issue as well as hotfix information if applicable, can be found on the detail pages. You can also use the full text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com providing detailed information about the problem found.

Vulnerabilities

Tika Filter PDF XXE (tika-parser-pdf-module) (MINDBREEZE37225)

ID: MINDBREEZE37225 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: Critical Status: Final First published: September 5, 2025 CVEs: CVE-2025-54988 Summary CVE-2025-54988: Critical XXE in Apache Tika (tika-parser-pdf-module)  Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 25.5 HF1 ReleaseMindbreeze InSpire SaaS 25.5 HF1 Release 
Read more about Tika Filter PDF XXE (tika-parser-pdf-module) (MINDBREEZE37225)

Python Dependency Update (MINDBREEZE36865)

ID: MINDBREEZE36865 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: Critical Status: Final First published: October 15, 2025 CVEs: CVE-2025-55197,  CVE-2025-2828,  CVE-2025-4565 Summary * CVE-2025-55197(high): pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. 
Read more about Python Dependency Update (MINDBREEZE36865)

Chromium Security Update (MINDBREEZE36819)

ID: MINDBREEZE36819 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 8.8 High Status: Final First published: October 15, 2025 CVEs: CVE-2025-8010, CVE-2025-8011, CVE-2025-8292, CVE-2025-8576, CVE-2025-8577, CVE-2025-8578, CVE-2025-8579, CVE-2025-8580, CVE-2025-8581, CVE-2025-8582, CVE-2025-8583, CVE-2025-8879, CVE-2025-8880, CVE-2025-8901, CVE-2025-8881, CVE-2025-8882, CVE-2025-9132, CVE-2025-9478 
Read more about Chromium Security Update (MINDBREEZE36819)

CoreOS Security Update (MINDBREEZE36592)

ID: MINDBREEZE36592 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 7.5 High Status: Final First published: October 15, 2025 CVEs: CVE-2025-0725, CVE-2025-5399, CVE-2025-0665, CVE-2025-4947, CVE-2025-5025, CVE-2025-8058, CVE-2025-0167 Summary glibc: Double free in glibc Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 
Read more about CoreOS Security Update (MINDBREEZE36592)

Python Dependencie Update (MINDBREEZE36511)

ID: MINDBREEZE36511 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: High 8.8 Status: Final First published: August 26, 2025 CVEs: CVE-2024-47081, CVE-2025-3262, CVE-2025-47273, CVE-2025-48379, CVE-2025-48945, CVE-2025-50181, CVE-2025-50182, GITHUB GHSA-5qpg-rh4j-qp35 
Read more about Python Dependencie Update (MINDBREEZE36511)

Sudo security update to version 1.9.17p1 (MINDBREEZE36510)

ID: MINDBREEZE36510 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 7.8 High Status: Final First published: August 26, 2025 CVEs:  CVE-2025-32462, CVE-2025-32463 
Read more about Sudo security update to version 1.9.17p1 (MINDBREEZE36510)

Sudo security update to version 1.9.17p1 (MINDBREEZE36510)

ID: MINDBREEZE36510 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 7.8 High Status: Final First published: July 30, 2025 CVEs:  CVE-2025-32462, CVE-2025-32463 Summary Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.  
Read more about Sudo security update to version 1.9.17p1 (MINDBREEZE36510)

Security update of Poco to version 1.14.2 (MINDBREEZE36501)

ID: MINDBREEZE36501 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: Low Status: Final First published: October 15, 2025 CVEs: CVE-2025-6375 
Read more about Security update of Poco to version 1.14.2 (MINDBREEZE36501)

Dell Firmware Updates (MINDBREEZE36425)

ID: MINDBREEZE36425 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 6.5 Medium Status: Final First published: August 26, 2025 CVEs: CVE-2025-20103, CVE-2025-20054, CVE-2024-45332, CVE-2024-43420, CVE-2025-20623 
Read more about Dell Firmware Updates (MINDBREEZE36425)

CoreOS Security Update (MINDBREEZE36424)

ID: MINDBREEZE36424 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 9.4 Critical Status: Final First published: August 26, 2025 CVEs: CVE-2025-23395, CVE-2025-46802, CVE-2025-46803,  CVE-2025-46804, CVE-2025-46805, CVE-2025-5278, CVE-2025-4598, CVE-2025-6032, CVE-2025-6020, CVE-2024-57970,  CVE-2025-1632, CVE-2025-25724, CVE-2024-12718, CVE-2025-4138, CVE-2025-4330, CVE-2025-4517 
Read more about CoreOS Security Update (MINDBREEZE36424)