Java Deserialization Flaw in Jaspersoft Library Enables Remote Code Execution
CVE-2025-10492 Published on September 16, 2025
Jaspersoft Library Deserialisation Vulnerability
A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2025-10492 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2025-10492
Want to know whenever a new CVE is published for Jaspersoft Jasperreports? stack.watch will email you.
Affected Versions
Jaspersoft JasperReports Library Community Edition:- Before and including 7.0.3 is affected.
- Before and including 7.0.3 is affected.
- Before and including 9.0.0 is affected.
- Before and including 9.0.2 is affected.
- Before and including 9.0.2 is affected.
- Before and including 4.0.0 is affected.
- Before and including 4.0.0 is affected.
- Before and including 3.0.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.