Update nimbus-jose-jwt v9 to v10+ (MINDBREEZE36649)
ID: MINDBREEZE36649
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 5.8 Medium
Status: Final
First published: December 12, 2025
CVEs: CVE-2025-53864
Summary
Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion.
Hotfix Information
Fixed in the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:
- Mindbreeze InSpire 25.7 Release
- Mindbreeze InSpire SaaS 25.7 Release