CVE-2025-10492

EPSS 0.33%
Veröffentlicht 16.09.2025 16:41:44
Zuletzt bearbeitet 14.10.2025 15:06:20
Quelle db6d2600-d19b-4111-a010-f3c4ed
CVE-Watchlists
Login
Unerledigt
Login

A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cloud ≫ Jasperreports Io SwEditionat-scale Version <= 4.0.0

Cloud ≫ Jasperreports Io SwEditionprofessional Version <= 4.0.0

Cloud ≫ Jasperreports Library SwEditioncommunity Version <= 7.0.3

Cloud ≫ Jasperreports Library SwEditionprofessional Version <= 9.0.2

Cloud ≫ Jasperreports Server Version <= 9.0.0

Cloud ≫ Jasperreports Studio SwEditioncommunity Version <= 7.0.3

Cloud ≫ Jasperreports Studio SwEditionprofessional Version <= 9.0.2

Cloud ≫ Jasperreports Web Studio Version <= 3.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.33%	0.554

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
db6d2600-d19b-4111-a010-f3c4ed70cd50	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-10492

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-10492

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-10492

EUVD