Mindbreeze InSpire Vulnerabilities

This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. Information about the affected components, severity level, current status and how to prevent the issue as well as hotfix information if applicable, can be found on the detail pages. You can also use the full text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com providing detailed information about the problem found.

Vulnerabilities

Chromium Security Update (MINDBREEZE38119)

ID: MINDBREEZE38119 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 8.8 High Status: Final First published: December 12, 2025 
Read more about Chromium Security Update (MINDBREEZE38119)

Expat security update (MINDBREEZE37762)

ID: MINDBREEZE37762 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: High Status: Final First published: December 12, 2025 CVEs: CVE-2025-59375 Summary libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.  Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 
Read more about Expat security update (MINDBREEZE37762)

NGINX Security Update (MINDBREEZE37716)

ID: MINDBREEZE37716 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 4.7 Medium Status: Final First published: December 12, 2025 CVEs: CVE-2024-7347, CVE-2025-23419 Summary nginx: over-read vulnerability in ngx_http_mp4_module nginx: TLS-Session ticket re-use  Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 
Read more about NGINX Security Update (MINDBREEZE37716)

Dell Firmware Updates (MINDBREEZE37610)

ID: MINDBREEZE37610 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 7.2 High Status: Final First published: December 12, 2025 CVEs: CVE-2025-20067 CVE-2025-20613 CVE-2025-22853 CVE-2025-21096 CVE-2025-20053 CVE-2025-21090 CVE-2025-24305 CVE-2025-20109 CVE-2025-20044 CVE-2025-26482 CVE-2025-22397 
Read more about Dell Firmware Updates (MINDBREEZE37610)

Tika Filter PDF XXE (tika-parser-pdf-module) (MINDBREEZE37225)

ID: MINDBREEZE37225 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: Critical Status: Final First published: September 5, 2025 CVEs: CVE-2025-54988 Summary CVE-2025-54988: Critical XXE in Apache Tika (tika-parser-pdf-module)  Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 25.5 HF1 ReleaseMindbreeze InSpire SaaS 25.5 HF1 Release 
Read more about Tika Filter PDF XXE (tika-parser-pdf-module) (MINDBREEZE37225)

Python Dependency Update (MINDBREEZE36865)

ID: MINDBREEZE36865 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: Critical Status: Final First published: October 15, 2025 CVEs: CVE-2025-55197,  CVE-2025-2828,  CVE-2025-4565 Summary * CVE-2025-55197(high): pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. 
Read more about Python Dependency Update (MINDBREEZE36865)

Chromium Security Update (MINDBREEZE36819)

ID: MINDBREEZE36819 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 8.8 High Status: Final First published: October 15, 2025 CVEs: CVE-2025-8010, CVE-2025-8011, CVE-2025-8292, CVE-2025-8576, CVE-2025-8577, CVE-2025-8578, CVE-2025-8579, CVE-2025-8580, CVE-2025-8581, CVE-2025-8582, CVE-2025-8583, CVE-2025-8879, CVE-2025-8880, CVE-2025-8901, CVE-2025-8881, CVE-2025-8882, CVE-2025-9132, CVE-2025-9478 
Read more about Chromium Security Update (MINDBREEZE36819)

Update nimbus-jose-jwt v9 to v10+ (MINDBREEZE36649)

ID: MINDBREEZE36649 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 5.8 Medium Status: Final First published: December 12, 2025 CVEs: CVE-2025-53864 Summary Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion.  Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 
Read more about Update nimbus-jose-jwt v9 to v10+ (MINDBREEZE36649)

CoreOS Security Update (MINDBREEZE36592)

ID: MINDBREEZE36592 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 7.5 High Status: Final First published: October 15, 2025 CVEs: CVE-2025-0725, CVE-2025-5399, CVE-2025-0665, CVE-2025-4947, CVE-2025-5025, CVE-2025-8058, CVE-2025-0167 Summary glibc: Double free in glibc Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 
Read more about CoreOS Security Update (MINDBREEZE36592)

Python Dependencie Update (MINDBREEZE36511)

ID: MINDBREEZE36511 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: High 8.8 Status: Final First published: August 26, 2025 CVEs: CVE-2024-47081, CVE-2025-3262, CVE-2025-47273, CVE-2025-48379, CVE-2025-48945, CVE-2025-50181, CVE-2025-50182, GITHUB GHSA-5qpg-rh4j-qp35 
Read more about Python Dependencie Update (MINDBREEZE36511)