CVE-2025-10492
A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library
| Software | From | Fixed in |
|---|---|---|
| cloud / jasperreports_io | - | 4.0.0.x |
| cloud / jasperreports_library | - | 7.0.3.x |
| cloud / jasperreports_library | - | 9.0.2.x |
| cloud / jasperreports_server | - | 9.0.0.x |
| cloud / jasperreports_studio | - | 7.0.3.x |
| cloud / jasperreports_studio | - | 9.0.2.x |
| cloud / jasperreports_web_studio | - | 3.0.1.x |
net.sf.jasperreports / jasperreports
|
- | 7.0.3.x |
- https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6
- https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6/
- https://github.com/Jaspersoft/jasperreports/issues/542
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime