Search criteria
2 vulnerabilities found for JasperReports Web Studio by Jaspersoft
CVE-2025-10492 (GCVE-0-2025-10492)
Vulnerability from cvelistv5 – Published: 2025-09-16 16:41 – Updated: 2025-10-14 04:49
VLAI?
Summary
A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library
Severity ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Jaspersoft | JasperReports Library Community Edition |
Affected:
0 , ≤ 7.0.3
(maven)
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10492",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T17:29:30.897271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T16:15:24.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "net/sf/jasperreports/jasperreports/",
"product": "JasperReports Library Community Edition",
"repo": "https://github.com/Jaspersoft/jasperreports",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Jaspersoft Studio Community Edition",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "JasperReports Server",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "9.0.0",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "JasperReports Library Professional",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "9.0.2",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Jaspersoft Studio Professional",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "9.0.2",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "JasperReports IO Professional",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "4.0.0",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "JasperReports IO At-Scale",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "4.0.0",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "JasperReports Web Studio",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "3.0.1",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
}
],
"datePublic": "2025-09-16T16:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T04:49:45.696Z",
"orgId": "db6d2600-d19b-4111-a010-f3c4ed70cd50",
"shortName": "Jaspersoft"
},
"references": [
{
"url": "https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Jaspersoft Library Deserialisation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "db6d2600-d19b-4111-a010-f3c4ed70cd50",
"assignerShortName": "Jaspersoft",
"cveId": "CVE-2025-10492",
"datePublished": "2025-09-16T16:41:44.931Z",
"dateReserved": "2025-09-15T16:26:21.449Z",
"dateUpdated": "2025-10-14T04:49:45.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10492 (GCVE-0-2025-10492)
Vulnerability from nvd – Published: 2025-09-16 16:41 – Updated: 2025-10-14 04:49
VLAI?
Summary
A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library
Severity ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Jaspersoft | JasperReports Library Community Edition |
Affected:
0 , ≤ 7.0.3
(maven)
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10492",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-16T17:29:30.897271Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-25T16:15:24.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "net/sf/jasperreports/jasperreports/",
"product": "JasperReports Library Community Edition",
"repo": "https://github.com/Jaspersoft/jasperreports",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "0",
"versionType": "maven"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Jaspersoft Studio Community Edition",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "7.0.3",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "JasperReports Server",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "9.0.0",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "JasperReports Library Professional",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "9.0.2",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Jaspersoft Studio Professional",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "9.0.2",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "JasperReports IO Professional",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "4.0.0",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "JasperReports IO At-Scale",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "4.0.0",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
},
{
"defaultStatus": "unaffected",
"product": "JasperReports Web Studio",
"vendor": "Jaspersoft",
"versions": [
{
"lessThanOrEqual": "3.0.1",
"status": "affected",
"version": "0",
"versionType": "Patch"
}
]
}
],
"datePublic": "2025-09-16T16:25:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T04:49:45.696Z",
"orgId": "db6d2600-d19b-4111-a010-f3c4ed70cd50",
"shortName": "Jaspersoft"
},
"references": [
{
"url": "https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Jaspersoft Library Deserialisation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "db6d2600-d19b-4111-a010-f3c4ed70cd50",
"assignerShortName": "Jaspersoft",
"cveId": "CVE-2025-10492",
"datePublished": "2025-09-16T16:41:44.931Z",
"dateReserved": "2025-09-15T16:26:21.449Z",
"dateUpdated": "2025-10-14T04:49:45.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}