Mindbreeze InSpire Vulnerabilities

This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. Information about the affected components, severity level, current status, and how to prevent the issue, as well as hotfix information if applicable, can be found on the detail pages. You can also use the full text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com and provide detailed information about the problem found.

Vulnerabilities

ID: MINDBREEZE36510
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 7.8 High
Status: Final
First published: July 30, 2025
CVEs: CVE-2025-32462, CVE-2025-32463
Summary: Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.

ID: MINDBREEZE35902
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 2.9 Low
Status: Final
First published: July 30, 2025
CVEs: CVE-2025-32415
Summary: In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Hotfix Information:

ID: MINDBREEZE35671
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 5.4 Medium
Status: Final
First published: July 30, 2025
CVEs: CVE-2025-4096, CVE-2025-4050, CVE-2025-4051, CVE-2025-4052, CVE-2025-4372, CVE-2025-4664, CVE-2025-4609, CVE-2025-5063, CVE-2025-5280, CVE-2025-5064, CVE-2025-5065, CVE-2025-5066, CVE-2025-5281, CVE-2025-5283, CVE-2025-5067, CVE-2025-5419, CVE-2025-5068

ID: MINDBREEZE35378
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 7.4 High
Status: Final
First published: June 6, 2025
CVEs: CVE-2025-21587, CVE-2025-30691, CVE-2025-30698
Summary:
CVE-2025-21587 - openjdk: Better TLS connection support
CVE-2025-30691 - openjdk: Improve compiler transformations
CVE-2025-30698 - openjdk: Enhance Buffered Image handling
Hotfix Information:

ID: MINDBREEZE35367
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 7.5 High
Status: Final
First published: June 6, 2025
CVEs: CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-50602, CVE-2024-2961, CVE-2024-52533, CVE-2023-6780, CVE-2025-26466

ID: MINDBREEZE34957
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: Medium
Status: Final
First published: June 6, 2025
CVEs: CVE-2024-8176, CVE-2024-50602

ID: MINDBREEZE34722
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: Medium
Status: Final
First published: June 6, 2025
CVEs: CVE-2025-2783, CVE-2025-3066, CVE-2025-3067, CVE-2025-3068, CVE-2025-3069, CVE-2025-3070, CVE-2025-3071, CVE-2025-3072, CVE-2025-3073, CVE-2025-3074, CVE-2025-3066, CVE-2025-3619, CVE-2025-3620

ID: MINDBREEZE34683
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: Low
Status: Final
Last Update: February 21, 2025
First published: June 6, 2025
CVEs: CVE-2025-0838

ID: MINDBREEZE34496
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: 5.9 Medium
Status: Final
First published: April 28, 2025
CVEs: CVE-2025-26466
Summary: openssh: Denial-of-service in OpenSSH
Hotfix Information: Fixed with the following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 25.2 Release, Mindbreeze InSpire SaaS 25.2 Release

ID: MINDBREEZE34495
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: High
Status: Final
First published: April 28, 2025
CVEs: MINDBREEZE34495
Summary: Fixed an issue where, if the SharePoint Online Connector is not active for more than 60 days, the next crawl run or update might not fetch all changes (including ACL changes), which might result in incomplete documents and/or incomplete access control.
Hotfix Information: