Mindbreeze InSpire Vulnerabilities
This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. Information about the affected components, severity level, current status and how to prevent the issue, as well as hotfix information if applicable, can be found on the detail pages. You can also use the full-text search to find specific vulnerabilities.
If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com providing detailed information about the problem found.
Vulnerabilities
ID: MINDBREEZE34496
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 5.9 Medium
Status: Final
First published: April 28, 2025
CVEs: CVE-2025-26466
Summary: openssh: Denial-of-service in OpenSSH
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 25.2 Release, Mindbreeze InSpire SaaS 25.2 Release

ID: MINDBREEZE34495
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: High
Status: Final
First published: April 28, 2025
CVEs: MINDBREEZE34495
Summary: Fixed an issue where, if the SharePoint Online Connector is not active for more than 60 days, the next crawl run or update might not fetch all changes (including ACL changes), which might result in incomplete documents and/or incomplete access control.
Hotfix Information:

ID: MINDBREEZE34330
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 6.8 Medium
Status: Final
First published: April 28, 2025
CVEs: CVE-2025-0444, CVE-2025-0445, CVE-2025-0995, CVE-2025-0996, CVE-2025-0997, CVE-2025-0998, CVE-2025-0999, CVE-2025-1426, CVE-2025-1006, CVE-2025-1914, CVE-2025-1916, CVE-2025-1917, CVE-2025-1918, CVE-2025-1919, CVE-2025-1921, CVE-2025-1922, CVE-2025-1923, CVE-2025-1920, CVE-2025-2135, CVE-2025-2137, CVE-2025-2476, Chromium internal issue: 396481096

ID: MINDBREEZE33995
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 8.2 High
Status: Final
CVEs: MINDBREEZE33995
Summary: Fixed: Possible stored XSS attacks within unescaped mustache templates
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 24.8 Hotfix 2 Release, Mindbreeze InSpire SaaS 24.8 Hotfix 2 Release

ID: MINDBREEZE33992
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: Critical
Status: Final
First published: January 28, 2025
CVEs: MINDBREEZE33992
Summary: The WebPageThumbnailer thumbnail destination URL can be overwritten via custom metadata that is not further validated, which can lead to potential unintended local network access.
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS:

ID: MINDBREEZE33949
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: High
Status: Final
First published: January 28, 2025
CVEs: MINDBREEZE33949
Summary: Fixed incorrect privilege assignment on some API endpoints, which may allow access to restricted information.
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 24.8 Hotfix 1 Release, Mindbreeze InSpire SaaS 24.8 Hotfix 1 Release

ID: MINDBREEZE33815
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 6.8 Medium
Status: Final
CVEs: CVE-2024-11395, CVE-2024-12053, CVE-2024-12381, CVE-2024-12692, CVE-2024-12693, CVE-2024-12694, CVE-2024-12695, CVE-2025-0434, CVE-2025-0435, CVE-2025-0436, CVE-2025-0437, CVE-2025-0438, CVE-2025-0439, CVE-2025-0441, CVE-2025-0442, CVE-2025-0447, CVE-2025-0448, CVE-2025-0291, CVE-2025-0611, CVE-2025-0612

ID: MINDBREEZE33802
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 6.5 Medium
Status: Final
First published: April 28, 2025
CVEs: CVE-2024-39279, CVE-2024-28047, CVE-2024-36293
Summary:
Insufficient granularity of access control in UEFI firmware
Improper input validation in UEFI firmware
Improper access control in the EDECCSSA user leaf function
Hotfix Information:

ID: MINDBREEZE32874
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 7.5 High
Status: Final
First published: April 28, 2025
CVEs: CVE-2024-21538, CVE-2024-27088, CVE-2023-24807, CVE-2024-28176, CVE-2024-4068, CVE-2024-28863

ID: MINDBREEZE32737
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: Medium
Status: Final
First published: April 28, 2025
CVEs: Nessus-Plugin-ID-142960
Summary: Nessus-Plugin-ID-142960: The remote web server is not enforcing HSTS, as defined by RFC 6797.
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: