EUVD-2025-29627

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Java deserialization flaw in Jaspersoft Library enables remote code execution via external data.

Reporter	Title	Published	Views	Family All 22
IBM Security Bulletins	Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in jasperreports (CVE-2025-10492)	4 May 202616:08	–	ibm
Circl	CVE-2025-10492	16 Sep 202519:27	–	circl
CNNVD	Jaspersoft Library 安全漏洞	16 Sep 202500:00	–	cnnvd
CVE	CVE-2025-10492	16 Sep 202516:41	–	cve
Cvelist	CVE-2025-10492 Jaspersoft Library Deserialisation Vulnerability	16 Sep 202516:41	–	cvelist
Github Security Blog	JasperReports has a Java deserialisation vulnerability	16 Sep 202518:31	–	github
ICS	Hitachi Energy Asset Suite	9 Dec 202500:00	–	ics
ICS	Hitachi Energy Ellipse	24 Feb 202600:00	–	ics
NVD	CVE-2025-10492	16 Sep 202517:15	–	nvd
OSV	CVE-2025-10492	16 Sep 202517:15	–	osv

[
  {
    "enisaIdVendor": [
      {
        "id": "652d1e60-c718-3a7b-ad80-eb0329612d1b",
        "vendor": {
          "name": "Jaspersoft"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "2f32726c-1d71-39a2-aabd-3987e8609efe",
        "product": {
          "name": "Jaspersoft Studio Professional"
        },
        "product_version": "9 ≤0.2"
      },
      {
        "id": "6802e969-84aa-340a-85d8-cad613cc76b2",
        "product": {
          "name": "Jaspersoft Studio Community Edition"
        },
        "product_version": "7 ≤0.3"
      },
      {
        "id": "8bf6ff64-93e0-37ae-bca9-d5b715209745",
        "product": {
          "name": "JasperReports Server"
        },
        "product_version": "9 ≤0.0"
      },
      {
        "id": "a40e1019-573b-3c4e-9e57-eddc6b42f079",
        "product": {
          "name": "JasperReports Library Professional"
        },
        "product_version": "9 ≤0.2"
      },
      {
        "id": "d6f75078-fd35-3898-b027-316e1d820100",
        "product": {
          "name": "JasperReports IO Professional"
        },
        "product_version": "4 ≤0.0"
      },
      {
        "id": "e2a1ac06-63e6-3eba-8daa-774eee701061",
        "product": {
          "name": "JasperReports Web Studio"
        },
        "product_version": "3 ≤0.1"
      },
      {
        "id": "e8668c67-2951-3221-8037-ce2b8c7e81eb",
        "product": {
          "name": "JasperReports IO At-Scale"
        },
        "product_version": "4 ≤0.0"
      },
      {
        "id": "f7898b0e-b59a-38d7-9df3-d7ee14b0e823",
        "product": {
          "name": "JasperReport Servers"
        },
        "product_version": "7 ≤0.3"
      }
    ]
  }
]

Source	Link
community	www.community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6/
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-10492

03 Oct 2025 20:07Current

6.4Medium risk

Vulners AI Score6.4

CVSS 48.7

EPSS0.00656

SSVC