PT-2025-38055 · Unknown · Jaspersoft Library

Publicado

2025-09-16

Atualizado

2026-04-15

CVE-2025-10492

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jaspersoft Library (affected versions not specified)

Description A Java deserialisation issue has been identified in Jaspersoft Library. Improper handling of externally supplied data could allow attackers to execute arbitrary code remotely.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Deserialization of Untrusted Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-502

Identificadores relacionados

CVE-2025-10492

GHSA-7C3F-CG9X-F3GR

ZDI-25-948

Produtos afetados

Jaspersoft Library

PT-2025-38055 · Unknown · Jaspersoft Library

CVE-2025-10492

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 30