PT-2026-1866 · H2Database+1 · H2 Jdbc Driver+1

Published: 2026-01-08 · Updated: 2026-01-09 · CVE-2025-66913

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
JimuReport versions through 2.1.3

Description
The software is susceptible to remote code execution when handling user-supplied H2 JDBC URLs. The application passes the attacker-controlled JDBC URL directly to the H2 driver, which allows specific directives in the URL to execute arbitrary Java code on the system. The vulnerable component is the H2 JDBC driver, and the vulnerable parameter is the JDBC URL itself.

Recommendations
Versions prior to 2.1.3 are affected. Update JimuReport to a version later than 2.1.3. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
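
Until a fixed release is known, one way to stop an untrusted JDBC URL from reaching the H2 driver is an allowlist check at the point where the data source is created. The following is an added example, not code from JimuReport or H2; the class name `JdbcUrlPolicy`, both allowlists, the `h2Enabled` flag and the sample URLs are assumptions chosen for illustration.

```java
import java.util.Locale;
import java.util.Set;

public final class JdbcUrlPolicy {
    // Assumption: the only non-H2 drivers this deployment needs (their own URL parameters need separate review).
    private static final Set<String> ALLOWED_PREFIXES =
            Set.of("jdbc:mysql://", "jdbc:postgresql://");
    // Assumption: H2 URL settings this deployment accepts; everything else is refused.
    private static final Set<String> ALLOWED_H2_SETTINGS =
            Set.of("MODE", "DB_CLOSE_DELAY", "IFEXISTS");

    /** Returns the trimmed URL if policy permits it, otherwise throws. */
    public static String requireAllowed(String url, boolean h2Enabled) {
        if (url == null) throw new IllegalArgumentException("JDBC URL is required");
        String trimmed = url.trim();
        String lower = trimmed.toLowerCase(Locale.ROOT);
        if (lower.startsWith("jdbc:h2:")) {
            if (!h2Enabled) throw new IllegalArgumentException("H2 data sources are disabled");
            requireAllowedH2Settings(trimmed);
            return trimmed;
        }
        for (String prefix : ALLOWED_PREFIXES) {
            if (lower.startsWith(prefix)) return trimmed;
        }
        throw new IllegalArgumentException("JDBC driver is not on the allowlist");
    }

    // H2 reads settings from the URL as ;NAME=value pairs. Splitting on every ';' is
    // deliberately strict: an escaped ';' in a value becomes a segment that must also pass.
    private static void requireAllowedH2Settings(String url) {
        String[] parts = url.split(";");
        for (int i = 1; i < parts.length; i++) {
            String part = parts[i].trim();
            if (part.isEmpty()) continue;
            int eq = part.indexOf('=');
            String name = (eq < 0 ? part : part.substring(0, eq)).trim().toUpperCase(Locale.ROOT);
            if (!ALLOWED_H2_SETTINGS.contains(name)) {
                throw new IllegalArgumentException("H2 setting not allowed: " + name);
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: the first passes, the second carries a setting not on the allowlist.
        System.out.println(requireAllowed("jdbc:h2:mem:report;MODE=MySQL", true));
        try {
            requireAllowed("jdbc:h2:mem:report;TRACE_LEVEL_FILE=3", true);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check belongs immediately before the URL is handed to the JDBC driver, so that no code path can open a connection with an unvalidated string.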

RCE · Code Injection

Weakness Enumeration

Related Identifiers: CVE-2025-66913

Affected Products: H2 Jdbc Driver, Jimureport