CVE-2025-10492

Summary

A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library

Affected Software

VendorProductVersion RangeStatus
JaspersoftJasperReports Library Community Edition0 <= 7.0.3affected
JaspersoftJaspersoft Studio Community Edition0 <= 7.0.3affected
JaspersoftJasperReports Server0 <= 9.0.0affected
JaspersoftJasperReports Library Professional0 <= 9.0.2affected
JaspersoftJaspersoft Studio Professional0 <= 9.0.2affected
JaspersoftJasperReports IO Professional0 <= 4.0.0affected
JaspersoftJasperReports IO At-Scale0 <= 4.0.0affected
JaspersoftJasperReports Web Studio0 <= 3.0.1affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References