Mindbreeze InSpire Vulnerabilities

This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. Information about the affected components, severity level, current status and how to prevent the issue as well as hotfix information if applicable, can be found on the detail pages. You can also use the full text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com providing detailed information about the problem found.

Vulnerabilities

OpenJDK update to 1.8.0u472, 17.0.17, 21.0.9 (MINDBREEZE39506)

ID: MINDBREEZE39506 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 7.5 High Status: Final First published: February 5, 2026 CVEs: CVE-2025-53066, CVE-2025-53057, CVE-2025-61748 Summary CVE-2025-53066: openjdk: Enhance Path Factories CVE-2025-53057: openjdk: Enhance Certificate Handling CVE-2025-61748: openjdk: Enhance String Handling  Hotfix Information 
Read more about OpenJDK update to 1.8.0u472, 17.0.17, 21.0.9 (MINDBREEZE39506)

Chromium Security Update (MINDBREEZE39071)

ID: MINDBREEZE39071 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 6.8 Medium Status: Final First published: February 5, 2026 CVEs: CVE-2025-11756 CVE-2025-12036 CVE-2025-12428 CVE-2025-12429 CVE-2025-12430 CVE-2025-12431 CVE-2025-12432 CVE-2025-12433 CVE-2025-12036 CVE-2025-12434 CVE-2025-12435 CVE-2025-12436 CVE-2025-12437 CVE-2025-12438 CVE-2025-12439 CVE-2025-12440 CVE-2025-12441 CVE-2025-12443 CVE-2025-12444 CVE-2025-12445 CVE-2025-12446 CVE-2025-12447 CVE-2025-12725 CVE-2025-12726 CVE-2025-12727 CVE-2025-12728 CVE-2025-12729 CVE-2025-13042 
Read more about Chromium Security Update (MINDBREEZE39071)

Chromium Security Update (MINDBREEZE38119)

ID: MINDBREEZE38119 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 8.8 High Status: Final First published: December 12, 2025 
Read more about Chromium Security Update (MINDBREEZE38119)

CoreOS Security Update (MINDBREEZE37798)

ID: MINDBREEZE37798 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 7.5 High Status: Final First published: February 5, 2026 CVEs: CVE-2025-9230 CVE-2025-9231 CVE-2025-9232 CVE-2025-10966 CVE-2025-11563 CVE-2025-31133 CVE-2025-52565 CVE-2025-52881 
Read more about CoreOS Security Update (MINDBREEZE37798)

Expat security update (MINDBREEZE37762)

ID: MINDBREEZE37762 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: High Status: Final First published: December 12, 2025 CVEs: CVE-2025-59375 Summary libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.  Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 
Read more about Expat security update (MINDBREEZE37762)

NGINX Security Update (MINDBREEZE37716)

ID: MINDBREEZE37716 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 4.7 Medium Status: Final First published: December 12, 2025 CVEs: CVE-2024-7347, CVE-2025-23419 Summary nginx: over-read vulnerability in ngx_http_mp4_module nginx: TLS-Session ticket re-use  Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 
Read more about NGINX Security Update (MINDBREEZE37716)

Dell Firmware Updates (MINDBREEZE37610)

ID: MINDBREEZE37610 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 7.2 High Status: Final First published: December 12, 2025 CVEs: CVE-2025-20067 CVE-2025-20613 CVE-2025-22853 CVE-2025-21096 CVE-2025-20053 CVE-2025-21090 CVE-2025-24305 CVE-2025-20109 CVE-2025-20044 CVE-2025-26482 CVE-2025-22397 
Read more about Dell Firmware Updates (MINDBREEZE37610)

Tika Filter PDF XXE (tika-parser-pdf-module) (MINDBREEZE37225)

ID: MINDBREEZE37225 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: Critical Status: Final First published: September 5, 2025 CVEs: CVE-2025-54988 Summary CVE-2025-54988: Critical XXE in Apache Tika (tika-parser-pdf-module)  Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 25.5 HF1 ReleaseMindbreeze InSpire SaaS 25.5 HF1 Release 
Read more about Tika Filter PDF XXE (tika-parser-pdf-module) (MINDBREEZE37225)

Python Dependency Update (MINDBREEZE36865)

ID: MINDBREEZE36865 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: Critical Status: Final First published: October 15, 2025 CVEs: CVE-2025-55197,  CVE-2025-2828,  CVE-2025-4565 Summary * CVE-2025-55197(high): pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. 
Read more about Python Dependency Update (MINDBREEZE36865)

Chromium Security Update (MINDBREEZE36819)

ID: MINDBREEZE36819 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 8.8 High Status: Final First published: October 15, 2025 CVEs: CVE-2025-8010, CVE-2025-8011, CVE-2025-8292, CVE-2025-8576, CVE-2025-8577, CVE-2025-8578, CVE-2025-8579, CVE-2025-8580, CVE-2025-8581, CVE-2025-8582, CVE-2025-8583, CVE-2025-8879, CVE-2025-8880, CVE-2025-8901, CVE-2025-8881, CVE-2025-8882, CVE-2025-9132, CVE-2025-9478 
Read more about Chromium Security Update (MINDBREEZE36819)