Python Dependency Update (MINDBREEZE36511)
ID: MINDBREEZE36511
Affected Components: Mindbreeze InSpire, Mindbreeze InSpire SaaS
Severity: High 8.8
Status: Final
First published: August 26, 2025
CVEs: CVE-2024-47081, CVE-2025-3262, CVE-2025-47273, CVE-2025-48379, CVE-2025-48945, CVE-2025-50181, CVE-2025-50182, GITHUB GHSA-5qpg-rh4j-qp35
Summary
requests: Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials
huggingface/transformers: Regular Expression Denial of Service (ReDoS)
setuptools: An attacker would be allowed to write files to arbitrary locations on the filesystem
pillow: heap buffer overflow
pycares: use-after-free
urllib3: Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disables redirects.
urllib3: Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js.
Hotfix Information
Fixed in the following versions of Mindbreeze InSpire On-Premises and Mindbreeze InSpire SaaS:
- Mindbreeze InSpire 25.5 Release
- Mindbreeze InSpire SaaS 25.5 Release