Vulnerability Description
A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cloud | Jasperreports Io | <= 4.0.0 |
| Cloud | Jasperreports Library | <= 7.0.3 |
| Cloud | Jasperreports Server | <= 9.0.0 |
| Cloud | Jasperreports Studio | <= 7.0.3 |
| Cloud | Jasperreports Web Studio | <= 3.0.1 |
Related Weaknesses (CWE)
References
- https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-septembVendor Advisory
- https://community.jaspersoft.com/forums/topic/69926-cve-2025-10492-%E2%80%93-no-
FAQ
What is CVE-2025-10492?
CVE-2025-10492 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use...
How severe is CVE-2025-10492?
CVE-2025-10492 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-10492?
Check the references section above for vendor advisories and patch information. Affected products include: Cloud Jasperreports Io, Cloud Jasperreports Library, Cloud Jasperreports Server, Cloud Jasperreports Studio, Cloud Jasperreports Web Studio.