CVE-2025-10492

Published: Sep 16, 2025Modified: Feb 10, 2026

8.7

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: db6d2600-d19b-4111-a010-f3c4ed70cd50 (Secondary)

Description

A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library

Affected (8)

Products: Cloud: Jasperreports Io, Jasperreports Library, Jasperreports Server, Jasperreports Studio, Jasperreports Web Studio

Cloud

5 products

Jasperreports Io

Jasperreports Library

Jasperreports Server

Jasperreports Studio

Jasperreports Web Studio

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Cloud Jasperreports Io	Up to 4.0.0
Cloud Jasperreports Io	Up to 4.0.0
Cloud Jasperreports Library	Up to 7.0.3
Cloud Jasperreports Library	Up to 9.0.2
Cloud Jasperreports Server	Up to 9.0.0
Cloud Jasperreports Studio	Up to 7.0.3
Cloud Jasperreports Studio	Up to 9.0.2
Cloud Jasperreports Web Studio	Up to 3.0.1

Related CWEs

CWE-502

Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6/

Source: db6d2600-d19b-4111-a010-f3c4ed70cd50

Vendor Advisory

https://community.jaspersoft.com/forums/topic/69926-cve-2025-10492-%E2%80%93-no-fix-available-after-jasperreports-upgrade-community-edition

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.