Jaspersoft Library Deserialisation Vulnerability_CVE-2025-10492

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library

Basic Information

ID CVE-2025-10492

Source Jaspersoft

Published Sep 16, 2025 at 16:41

Affected Product

Vendor Jaspersoft

Product JasperReport Servers

Version 7

Affected Versions Jaspersoft JasperReport Servers 7
Jaspersoft Jaspersoft Studio Community Edition 7
Jaspersoft JasperReports Server 9
Jaspersoft JasperReports Library Professional 9
Jaspersoft Jaspersoft Studio Professional 9
Jaspersoft JasperReports IO Professional 4
Jaspersoft JasperReports IO At-Scale 4
Jaspersoft JasperReports Web Studio 3

References

community.jaspersoft.com /advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6/

{
    "lastseen": "",
    "description": "A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library",
    "published": "2025-09-16T16:41:44.931Z",
    "modified": "2025-09-16T16:41:44.931Z",
    "type": "cve",
    "title": "Jaspersoft Library Deserialisation Vulnerability",
    "source": "Jaspersoft",
    "references": "https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6/",
    "id": "CVE-2025-10492",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Jaspersoft JasperReport Servers 7\nJaspersoft Jaspersoft Studio Community Edition 7\nJaspersoft JasperReports Server 9\nJaspersoft JasperReports Library Professional 9\nJaspersoft Jaspersoft Studio Professional 9\nJaspersoft JasperReports IO Professional 4\nJaspersoft JasperReports IO At-Scale 4\nJaspersoft JasperReports Web Studio 3",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "JasperReport Servers",
    "version": "7",
    "vendor": "Jaspersoft",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply