CVE-2025-10492

CVSS v3.1

9.8

Critical

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Jaspersoft Library (affected versions not specified)

Description A Java deserialisation issue has been identified in Jaspersoft Library. Improper handling of externally supplied data could allow attackers to execute arbitrary code remotely.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2025-10492

GHSA-7C3F-CG9X-F3GR

ZDI-25-948

Affected Products

Jaspersoft Library

CVE-2025-10492

Weakness Enumeration

Related Identifiers

Affected Products

References · 21