CVE-2025-10492

moderate-risk
Published 2025-09-16

A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library

Do I need to act?

-
0.43% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (8)

Jasperreports Io
Jasperreports Io
Jasperreports Library
Jasperreports Library
Jasperreports Server
Jasperreports Studio
Jasperreports Studio
Jasperreports Web Studio

Affected Vendors

Cloud

References (2)

Vendor Advisory https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-septemb...
https://community.jaspersoft.com/forums/topic/69926-cve-2025-10492-%E2%80%93-no-...
48
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 14/34 · Moderate