
2 vulnerabilities found for jasperreports_web_studio by cloud

CVE-2025-10492 (GCVE-0-2025-10492)

Vulnerability from cvelistv5 – Published: 2025-09-16 16:41 – Updated: 2026-02-10 18:12
Title
Jaspersoft Library Deserialisation Vulnerability
Summary
A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library.
SSVC
Exploitation: none; Automatable: no; Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Date Public
2025-09-16 16:25

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10492",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-16T17:29:30.897271Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-25T16:15:24.178Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-02-10T18:12:20.433Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://community.jaspersoft.com/forums/topic/69926-cve-2025-10492-%E2%80%93-no-fix-available-after-jasperreports-upgrade-community-edition"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "net/sf/jasperreports/jasperreports/",
          "product": "JasperReports Library Community Edition",
          "repo": "https://github.com/Jaspersoft/jasperreports",
          "vendor": "Jaspersoft",
          "versions": [
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "maven"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jaspersoft Studio Community Edition",
          "vendor": "Jaspersoft",
          "versions": [
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "Patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "JasperReports Server",
          "vendor": "Jaspersoft",
          "versions": [
            {
              "lessThanOrEqual": "9.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "Patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "JasperReports Library Professional",
          "vendor": "Jaspersoft",
          "versions": [
            {
              "lessThanOrEqual": "9.0.2",
              "status": "affected",
              "version": "0",
              "versionType": "Patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jaspersoft Studio Professional",
          "vendor": "Jaspersoft",
          "versions": [
            {
              "lessThanOrEqual": "9.0.2",
              "status": "affected",
              "version": "0",
              "versionType": "Patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "JasperReports IO Professional",
          "vendor": "Jaspersoft",
          "versions": [
            {
              "lessThanOrEqual": "4.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "Patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "JasperReports IO At-Scale",
          "vendor": "Jaspersoft",
          "versions": [
            {
              "lessThanOrEqual": "4.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "Patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "JasperReports Web Studio",
          "vendor": "Jaspersoft",
          "versions": [
            {
              "lessThanOrEqual": "3.0.1",
              "status": "affected",
              "version": "0",
              "versionType": "Patch"
            }
          ]
        }
      ],
      "datePublic": "2025-09-16T16:25:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T04:49:45.696Z",
        "orgId": "db6d2600-d19b-4111-a010-f3c4ed70cd50",
        "shortName": "Jaspersoft"
      },
      "references": [
        {
          "url": "https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Jaspersoft Library Deserialisation Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "db6d2600-d19b-4111-a010-f3c4ed70cd50",
    "assignerShortName": "Jaspersoft",
    "cveId": "CVE-2025-10492",
    "datePublished": "2025-09-16T16:41:44.931Z",
    "dateReserved": "2025-09-15T16:26:21.449Z",
    "dateUpdated": "2026-02-10T18:12:20.433Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-10492 (GCVE-0-2025-10492)

Vulnerability from nvd – Published: 2025-09-16 16:41 – Updated: 2026-02-10 18:12
Title
Jaspersoft Library Deserialisation Vulnerability
Summary
A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library.
SSVC
Exploitation: none; Automatable: no; Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-502 - Deserialization of Untrusted Data
Assigner
Date Public
2025-09-16 16:25

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-10492",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-16T17:29:30.897271Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-25T16:15:24.178Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-02-10T18:12:20.433Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://community.jaspersoft.com/forums/topic/69926-cve-2025-10492-%E2%80%93-no-fix-available-after-jasperreports-upgrade-community-edition"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://repo.maven.apache.org/maven2",
          "defaultStatus": "unaffected",
          "packageName": "net/sf/jasperreports/jasperreports/",
          "product": "JasperReports Library Community Edition",
          "repo": "https://github.com/Jaspersoft/jasperreports",
          "vendor": "Jaspersoft",
          "versions": [
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "maven"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jaspersoft Studio Community Edition",
          "vendor": "Jaspersoft",
          "versions": [
            {
              "lessThanOrEqual": "7.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "Patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "JasperReports Server",
          "vendor": "Jaspersoft",
          "versions": [
            {
              "lessThanOrEqual": "9.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "Patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "JasperReports Library Professional",
          "vendor": "Jaspersoft",
          "versions": [
            {
              "lessThanOrEqual": "9.0.2",
              "status": "affected",
              "version": "0",
              "versionType": "Patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Jaspersoft Studio Professional",
          "vendor": "Jaspersoft",
          "versions": [
            {
              "lessThanOrEqual": "9.0.2",
              "status": "affected",
              "version": "0",
              "versionType": "Patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "JasperReports IO Professional",
          "vendor": "Jaspersoft",
          "versions": [
            {
              "lessThanOrEqual": "4.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "Patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "JasperReports IO At-Scale",
          "vendor": "Jaspersoft",
          "versions": [
            {
              "lessThanOrEqual": "4.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "Patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "JasperReports Web Studio",
          "vendor": "Jaspersoft",
          "versions": [
            {
              "lessThanOrEqual": "3.0.1",
              "status": "affected",
              "version": "0",
              "versionType": "Patch"
            }
          ]
        }
      ],
      "datePublic": "2025-09-16T16:25:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-14T04:49:45.696Z",
        "orgId": "db6d2600-d19b-4111-a010-f3c4ed70cd50",
        "shortName": "Jaspersoft"
      },
      "references": [
        {
          "url": "https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Jaspersoft Library Deserialisation Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "db6d2600-d19b-4111-a010-f3c4ed70cd50",
    "assignerShortName": "Jaspersoft",
    "cveId": "CVE-2025-10492",
    "datePublished": "2025-09-16T16:41:44.931Z",
    "dateReserved": "2025-09-15T16:26:21.449Z",
    "dateUpdated": "2026-02-10T18:12:20.433Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}