Python Dependency Update (MINDBREEZE36865)

ID: MINDBREEZE36865 
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS 
Severity: Critical 
Status: Final 
First published: October 15, 2025 
CVEs: CVE-2025-55197, CVE-2025-2828, CVE-2025-4565

Summary 

* CVE-2025-55197 (high): pypdf is a free and open-source pure-Python PDF library. Prior to version 6.0.0, an attacker can craft a PDF that leads to RAM exhaustion.

* CVE-2025-2828 (critical): A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package.

* CVE-2025-4565 (medium): Any project that uses the Protobuf pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit.

 

Hotfix Information 

Fixed in the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

  • Mindbreeze InSpire 25.6 Release
  • Mindbreeze InSpire SaaS 25.6 Release