A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library.
History
14 Oct 2025, 15:06
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | | cpe:2.3:a:cloud:jasperreports_web_studio:*:*:*:*:*:*:*:*<br>cpe:2.3:a:cloud:jasperreports_server:*:*:*:*:*:*:*:*<br>cpe:2.3:a:cloud:jasperreports_library:*:*:*:*:community:*:*:*<br>cpe:2.3:a:cloud:jasperreports_io:*:*:*:*:professional:*:*:*<br>cpe:2.3:a:cloud:jasperreports_io:*:*:*:*:at-scale:*:*:*<br>cpe:2.3:a:cloud:jasperreports_studio:*:*:*:*:community:*:*:*<br>cpe:2.3:a:cloud:jasperreports_library:*:*:*:*:professional:*:*:*<br>cpe:2.3:a:cloud:jasperreports_studio:*:*:*:*:professional:*:*:* |
| First Time | | Cloud jasperreports Library<br>Cloud jasperreports Server<br>Cloud jasperreports Studio<br>Cloud<br>Cloud jasperreports Web Studio<br>Cloud jasperreports Io |
| CVSS | v2 : v3 : | v2 : unknown<br>v3 : 9.8 |
| References | | https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6/ - Vendor Advisory |
25 Sep 2025, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | | CWE-502 |
16 Sep 2025, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |
Information
Published : 2025-09-16 17:15
Updated : 2025-10-14 15:06
NVD link : CVE-2025-10492
Mitre link : CVE-2025-10492
CVE.ORG link : CVE-2025-10492
Products Affected
cloud
- jasperreports_server
- jasperreports_web_studio
- jasperreports_io
- jasperreports_studio
- jasperreports_library
CWE
CWE-502
Deserialization of Untrusted Data
