VYPR
High severity · NVD Advisory · Published Sep 16, 2025 · Updated Feb 10, 2026

Jaspersoft Library Deserialisation Vulnerability

CVE-2025-10492

Description

A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library.


Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
net.sf.jasperreports:jasperreports (Maven) | < 7.0.4 | 7.0.4

Affected products

9
  • Jaspersoft/JasperReports IO At-Scale · v5
    Range: 0
  • Jaspersoft/JasperReports IO Professional · v5
    Range: 0
  • Jaspersoft/JasperReports Library Community Edition · v5
    Range: 0
  • Jaspersoft/JasperReports Library Professional · v5
    Range: 0
  • Jaspersoft/Jasperreports · cpe-rescue · 2 versions
    0 + 1 more
    • (no CPE) · range: 0
    • (no CPE) · range: 0
  • Jaspersoft/Jaspersoft Studio Community Edition · v5
    Range: 0
  • Jaspersoft/Jaspersoft Studio Professional · v5
    Range: 0

References

8
