CVE-2025-10492
JasperReports has a Java deserialisation vulnerability
Severity: 9.8 CRITICAL (CVSS 3.1)
EPSS: 0.66%
Description
A Java deserialisation vulnerability has been discovered in the JasperReports library (Jaspersoft). Improper handling of externally supplied serialised data may allow an attacker to execute arbitrary code remotely on systems that use the affected library.
How to fix CVE-2025-10492
To remediate CVE-2025-10492, upgrade the affected package to a fixed version below.
- Upgrade JasperReports to 7.0.4 or later.
Is CVE-2025-10492 being exploited?
Low. EPSS is 0.66% (rounded to 0.7% in some views), a low predicted probability that this CVE will be exploited in the wild over the next 30 days. That is not evidence that exploitation is impossible, and with a critical CVSS score the upgrade should still be scheduled promptly wherever untrusted data can reach the library.
Affected packages (1)
- JasperReports, versions >= 0 and < 7.0.4 (every release before 7.0.4)
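The affected range above is "everything below 7.0.4", which is easy to mis-evaluate with a string comparison (for example, "6.21.3" sorts after "7.0.4" lexically). The following script is an added example, not part of the advisory or of the JasperReports project: it compares versions numerically against the fixed release and scans a constructed sample of `mvn dependency:list` output. The Maven coordinate `net.sf.jasperreports:jasperreports` and the sample lines are assumptions made for the illustration.

```python
"""Flag JasperReports versions in the affected range of CVE-2025-10492.

Added example, not from the advisory. Affected range per the advisory:
every version >= 0 and < 7.0.4. The Maven coordinate and the sample
dependency list below are assumed / constructed for illustration.
"""
import re
from typing import List, Tuple

FIXED_VERSION = "7.0.4"

# Assumed Maven coordinate of the library (not stated on the advisory page).
ASSUMED_GROUP_ID = "net.sf.jasperreports"
ARTIFACT_ID = "jasperreports"

# Constructed sample of `mvn dependency:list` output (not real project output).
SAMPLE_DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    net.sf.jasperreports:jasperreports:jar:6.21.3:compile
[INFO]    net.sf.jasperreports:jasperreports:jar:7.0.3:compile
[INFO]    net.sf.jasperreports:jasperreports:jar:7.0.4:compile
[INFO]    net.sf.jasperreports:jasperreports-fonts:jar:6.20.0:compile
[INFO]    org.apache.commons:commons-lang3:jar:3.14.0:compile
"""


def parse_version(version: str) -> Tuple[Tuple[int, ...], str]:
    """Split '7.0.4' or '6.21.3-jdk9' into a numeric tuple plus a qualifier."""
    match = re.match(r"^(\d+(?:\.\d+)*)(.*)$", version)
    if not match:
        raise ValueError(f"unrecognised version: {version!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    return numbers, match.group(2)


def is_affected(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when version < fixed, i.e. inside the advisory's range (>= 0, < 7.0.4)."""
    v, qualifier = parse_version(version)
    f, _ = parse_version(fixed)
    # Pad with zeros so that 7.0 compares as 7.0.0 (below 7.0.4).
    width = max(len(v), len(f))
    v_padded = v + (0,) * (width - len(v))
    f_padded = f + (0,) * (width - len(f))
    if v_padded != f_padded:
        return v_padded < f_padded
    # Same numeric part: a qualifier such as -SNAPSHOT predates the release,
    # so it is conservatively treated as still affected.
    return qualifier != ""


# group:artifact:packaging:version:scope, as printed by `mvn dependency:list`
DEP_LINE = re.compile(r"^\[INFO\]\s+([^:\s]+):([^:\s]+):[^:\s]+:([^:\s]+):\w+$")


def find_affected(dependency_list: str) -> List[str]:
    """Return 'group:artifact:version' for every affected jasperreports entry."""
    hits = []
    for line in dependency_list.splitlines():
        m = DEP_LINE.match(line)
        if not m:
            continue
        group, artifact, version = m.groups()
        if artifact == ARTIFACT_ID and is_affected(version):
            hits.append(f"{group}:{artifact}:{version}")
    return hits


if __name__ == "__main__":
    # Pipe real output in with: mvn dependency:list | python3 this_script.py
    for hit in find_affected(SAMPLE_DEPENDENCY_LIST):
        print("AFFECTED:", hit)
```

On a real build, feed the script the output of `mvn dependency:list` (or the equivalent Gradle dependency report, after adapting the regex) rather than the constructed sample; transitive copies of the library pulled in by other artifacts are the ones most often missed.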
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | CRITICAL (9.8) | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

The two vectors disagree on privileges required: the CVSS 4.0 vector records PR:L (low privileges) while the CVSS 3.1 vector records PR:N (none). The page lists no numeric CVSS 4.0 score, so the 9.8 CRITICAL rating above comes from the CVSS 3.1 vector alone.