Mindbreeze InSpire Vulnerabilities

This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. Information about the affected components, severity level, current status and how to prevent the issue as well as hotfix information if applicable, can be found on the detail pages. You can also use the full text search to find specific vulnerabilities.

If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com providing detailed information about the problem found.

Vulnerabilities

Sudo security update to version 1.9.17p1 (MINDBREEZE36510)

ID: MINDBREEZE36510 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 7.8 High Status: Final First published: July 30, 2025 CVEs:  CVE-2025-32462, CVE-2025-32463 Summary Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.  
Read more about Sudo security update to version 1.9.17p1 (MINDBREEZE36510)

Update libxml2 to fix out-of-bounds read (MINDBREEZE35902)

ID: MINDBREEZE35902 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 2.9 Low Status: Final First published: July 30, 2025 CVEs: CVE-2025-32415 Summary In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.  Hotfix Information 
Read more about Update libxml2 to fix out-of-bounds read (MINDBREEZE35902)

Chromium Security Update (MINDBREEZE35671)

ID: MINDBREEZE35671 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 5.4 Medium Status: Final First published: July 30, 2025 CVEs: CVE-2025-4096, CVE-2025-4050, CVE-2025-4051, CVE-2025-4052, CVE-2025-4372, CVE-2025-4664, CVE-2025-4609, CVE-2025-5063, CVE-2025-5280, CVE-2025-5064, CVE-2025-5065, CVE-2025-5066, CVE-2025-5281, CVE-2025-5283, CVE-2025-5067, CVE-2025-5419, CVE-2025-5068 
Read more about Chromium Security Update (MINDBREEZE35671)

Updated OpenJDK to Version 8.0.452 (InSpire) and 17.0.5 (Keycloak) (MINDBREEZE35378)

ID: MINDBREEZE35378 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 7.4 High Status: Final First published: June 6, 2025 CVEs: CVE-2025-21587, CVE-2025-30691, CVE-2025-30698 Summary CVE-2025-21587 - openjdk:Better TLS connection supportCVE-2025-30691 - openjdk: Improve compiler transformationsCVE-2025-30698 - openjdk: Enhance Buffered Image handling Hotfix Information 
Read more about Updated OpenJDK to Version 8.0.452 (InSpire) and 17.0.5 (Keycloak) (MINDBREEZE35378)

Dell Firmware Updates (MINDBREEZE35367)

ID: MINDBREEZE35367 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 7.5 High Status: Final First published: June 6, 2025 CVEs: CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-50602, CVE-2024-2961, CVE-2024-52533, CVE-2023-6780,  CVE-2025-26466 
Read more about Dell Firmware Updates (MINDBREEZE35367)

Expat security update (MINDBREEZE34957)

ID: MINDBREEZE34957 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: Medium Status: Final First published: June 6, 2025 CVEs: CVE-2024-8176, CVE-2024-50602 
Read more about Expat security update (MINDBREEZE34957)

Chromium Security Update (MINDBREEZE34722)

ID: MINDBREEZE34722 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: Medium Status: Final First published: June 6, 2025 CVEs: CVE-2025-2783, CVE-2025-3066, CVE-2025-3067, CVE-2025-3068, CVE-2025-3069, CVE-2025-3070, CVE-2025-3071, CVE-2025-3072, CVE-2025-3073, CVE-2025-3074, CVE-2025-3066, CVE-2025-3619, CVE-2025-3620 
Read more about Chromium Security Update (MINDBREEZE34722)

Security update of Abseil (MINDBREEZE34683)

ID: MINDBREEZE34683 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: Low Status: Final Last Update: February 21, 2025 First published: June 6, 2025 CVEs: CVE-2025-0838 
Read more about Security update of Abseil (MINDBREEZE34683)

CoreOS Security Update (MINDBREEZE34496)

ID: MINDBREEZE34496 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 5.9 Medium Status: Final First published: April 28, 2025 CVEs: CVE-2025-26466 Summary openssh: Denial-of-service in OpenSSH  Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 25.2 ReleaseMindbreeze InSpire Saas 25.2 Release 
Read more about CoreOS Security Update (MINDBREEZE34496)

SharePoint Online Connector loses changes if ChangeToken older than 60 days (MINDBREEZE34495)

ID: MINDBREEZE34495 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: High Status: Final First published: April 28, 2025 CVEs: MINDBREEZE34495 Summary Fixed an issue when the SharePoint Online Connector is not active for more than 60 days, that the next crawl run or update might not fetch all changes, (including ACL changes) which might result in incomplete documents and/or incomplete access control.  Hotfix Information 
Read more about SharePoint Online Connector loses changes if ChangeToken older than 60 days (MINDBREEZE34495)