Mindbreeze InSpire Vulnerabilities
This page lists known security vulnerabilities found in Mindbreeze InSpire. The article titles contain the Mindbreeze issue number and, in the case of third-party software, the official CVE number. Information about the affected components, severity level, current status and how to prevent the issue as well as hotfix information if applicable, can be found on the detail pages. You can also use the full text search to find specific vulnerabilities.
If you have found a possible security vulnerability, please contact Mindbreeze InSpire Support at support@mindbreeze.com providing detailed information about the problem found.
Vulnerabilities
ID: MINDBREEZE35378 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 7.4 High Status: Final First published: June 6, 2025 CVEs: CVE-2025-21587, CVE-2025-30691, CVE-2025-30698 Summary CVE-2025-21587 - openjdk:Better TLS connection supportCVE-2025-30691 - openjdk: Improve compiler transformationsCVE-2025-30698 - openjdk: Enhance Buffered Image handling Hotfix Information
ID: MINDBREEZE35367 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 7.5 High Status: Final First published: June 6, 2025 CVEs: CVE-2024-45490, CVE-2024-45491, CVE-2024-45492, CVE-2024-50602, CVE-2024-2961, CVE-2024-52533, CVE-2023-6780, CVE-2025-26466
ID: MINDBREEZE34957 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: Medium Status: Final First published: June 6, 2025 CVEs: CVE-2024-8176, CVE-2024-50602
ID: MINDBREEZE34722 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: Medium Status: Final First published: June 6, 2025 CVEs: CVE-2025-2783, CVE-2025-3066, CVE-2025-3067, CVE-2025-3068, CVE-2025-3069, CVE-2025-3070, CVE-2025-3071, CVE-2025-3072, CVE-2025-3073, CVE-2025-3074, CVE-2025-3066, CVE-2025-3619, CVE-2025-3620
ID: MINDBREEZE34683 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: Low Status: Final Last Update: February 21, 2025 First published: June 6, 2025 CVEs: CVE-2025-0838
ID: MINDBREEZE34496 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 5.9 Medium Status: Final First published: April 28, 2025 CVEs: CVE-2025-26466 Summary openssh: Denial-of-service in OpenSSH Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 25.2 ReleaseMindbreeze InSpire Saas 25.2 Release
ID: MINDBREEZE34495 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: High Status: Final First published: April 28, 2025 CVEs: MINDBREEZE34495 Summary Fixed an issue when the SharePoint Online Connector is not active for more than 60 days, that the next crawl run or update might not fetch all changes, (including ACL changes) which might result in incomplete documents and/or incomplete access control. Hotfix Information
ID: MINDBREEZE34330 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 6.8 Medium Status: Final First published: April 28, 2025 CVEs: CVE-2025-0444, CVE-2025-0445, CVE-2025-0995, CVE-2025-0996, CVE-2025-0997, CVE-2025-0998, CVE-2025-0999, CVE-2025-1426, CVE-2025-1006, CVE-2025-1914, CVE-2025-1916, CVE-2025-1917, CVE-2025-1918, CVE-2025-1919, CVE-2025-1921, CVE-2025-1922, CVE-2025-1923, CVE-2025-1920, CVE-2025-2135, CVE-2025-2137, CVE-2025-2476, Chromium internal issue: 396481096
ID: MINDBREEZE33995 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: 8.2 High Status: Final CVEs: MINDBREEZE33995 Summary Fixed: Possible stored XSS attacks within unescaped mustache templates Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: Mindbreeze InSpire 24.8 Hotfix 2 Release Mindbreeze InSpire Saas 24.8 Hotfix 2 Release
ID: MINDBREEZE33992 Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS Severity: Critical Status: Final First published: January 28, 2025 CVEs: MINDBREEZE33992 Summary WebPageThumbnailer thumbnail destination url can be overwritten via custom metadata which is not further validated and can lead to potential unintended local network access. Hotfix Information Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: