Expat security update (MINDBREEZE34957)

ID: MINDBREEZE34957 
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS 
Severity: Medium 
Status: Final 
First published: June 6, 2025 
CVEs: CVE-2024-8176, CVE-2024-50602 

Summary 

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

Hotfix Information 

Fixed with following versions of Mindbreeze InSpire On-Premises or Mindbreeze InSpire SaaS: 

• Mindbreeze InSpire 25.3 Release
• Mindbreeze InSpire Saas 25.3 Release