Vulnerability

CVE-2025-10492

 Report advisory or correction

CVSS Score 9.8 critical

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-502

References

https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6/
https://github.com/Jaspersoft/jasperreports/issues/542
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-10492

[CVE-2025-10492] CWE-502: Deserialization of Untrusted Data

Description

A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library