ГлавнаяУязвимости → CVE-2025-10492
9.8критическая

CVE-2025-10492

Описание

A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library

Затрагиваемое ПО
Cloud Jasperreports ioCloud Jasperreports libraryCloud Jasperreports serverCloud Jasperreports studioCloud Jasperreports web studio
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6/https://community.jaspersoft.com/forums/topic/69926-cve-2025-10492-%E2%80%93-no-fix-available-after-jasperreports-upgrade-community-edition