CVE-2025-10492

CRITICAL

A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library

CVSS v3.1 Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Complexity

LOW

Privileges

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Published: 9/16/2025Modified: 2/10/2026

Related Intelligence (1)

CRITICALVulnerability

Hitachi Energy Ellipse

<p><a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-092-03.json"><strong>View CSAF</strong></a></p> <h2>Summary</h2> <p><strong>Hitachi Energy is aware of a Jasper Report vulnerability that affects the Ellipse product versions mentioned in this document below. This vulnerability can be exploited to carry out remote code execution (RCE) attack on the product. P

CVE-2025-10492

19h agoCISA Advisories

References (2)

https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6/Vendor Advisory https://community.jaspersoft.com/forums/topic/69926-cve-2025-10492-%E2%80%93-no-fix-available-after-jasperreports-upgrade-community-edition

Command Palette

CVE-2025-10492

CVSS v3.1 Score

Related Intelligence (1)

Hitachi Energy Ellipse

References (2)