CVE-2025-10492
Last modified
CVE-2025-10492 is a high-severity vulnerability rated 8.7/10 on the CVSS scale. A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library. EPSS estimates a 0.88% chance of exploitation in the next 30 days.
Description
A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cloud | Jasperreports Io | <= 4.0.0 |
| Cloud | Jasperreports Library | <= 7.0.3 |
| Cloud | Jasperreports Library | <= 9.0.2 |
| Cloud | Jasperreports Server | <= 9.0.0 |
| Cloud | Jasperreports Studio | <= 7.0.3 |
| Cloud | Jasperreports Studio | <= 9.0.2 |
| Cloud | Jasperreports Web Studio | <= 3.0.1 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2025-10492?
How severe is CVE-2025-10492?
How do I fix CVE-2025-10492?
Are you affected by CVE-2025-10492?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST