CVE-2025-10492
Description
A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.38
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| CVE-2025-10492 affects Sf - jasperreports 7.0.3 | Windows |
| CVE-2025-10492 is fixed in Sf - jasperreports 7.0.4 | Windows |
| CVE-2025-10492 affects Sf - jasperreports for Linux 7.0.3 | Linux |
| CVE-2025-10492 is fixed in Sf - jasperreports for Linux 7.0.4 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234