Java Deserialization Vulnerability in Jaspersoft Library by TIBCO Software
CVE-2025-10492

8.7HIGH

Key Information:

Vendor

Jaspersoft

Status
Jasperreports Library Community Edition
Jaspersoft Studio Community Edition
Jasperreports Server
Jasperreports Library Professional
Vendor
CVE Published:
16 September 2025

Badges

đź“° News Worthy

What is CVE-2025-10492?

A vulnerability in the Jaspersoft Library allows for Java deserialization issues, which can result in improper handling of external data. This puts systems using the library at risk of remote code execution by malicious actors. Users are urged to implement the latest security measures to mitigate these risks.

Affected Version(s)

JasperReports IO At-Scale 0 <= 4.0.0

JasperReports IO Professional 0 <= 4.0.0

JasperReports Library Community Edition 0 <= 7.0.3

News Articles

favicon imagesystemtek.co.uk

Jaspersoft Jasper Reports JRLoader Deserialization Of Untrusted Data Remote Code Execution Vulnerability (CVE-2025-10492)

- This vulnerability allows remote attackers to execute arbitrary code on affected installations of Jaspersoft Jasper Reports.

4 weeks ago

References

https://community.jaspersoft.com/advisories/jaspersoft-se...

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • đź“°

    First article discovered by systemtek.co.uk

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-10492 : Java Deserialization Vulnerability in Jaspersoft Library by TIBCO Software