CVE-2025-10492 · CRITICAL 9.8 · EPSS p54.3%

Description

A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.88% probability of exploitation · percentile 54.3% · 2026-06-18T12:00:27Z
Published: 2025-09-16
Last modified: 2026-02-10

Underlying weaknesses · 1

CWE-502

References

  1. https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6/
  2. https://community.jaspersoft.com/forums/topic/69926-cve-2025-10492-%E2%80%93-no-fix-available-after-jasperreports-upgrade-community-edition

Type: Weakness
Target: Deserialization of Untrusted Data (cwe-502)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE · CVE-2025-42928
CVE · CVE-2025-45854
CVE · CVE-2025-56422
CVE · Oracle ADF Faces Deserialization of Untrusted Data Vulnerability
CVE · CVE-2025-42944
CVE · CVE-2025-49712

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.