CVE-2025-10771 · CRITICAL 9.8 · EPSS p42.1%

Description

A vulnerability was found in jeecgboot JimuReport up to 2.1.2. It affects an unknown function of the file /drag/onlDragDataSource/testConnection in the DB2 JDBC Handler component. Manipulating the argument clientRerouteServerListJNDIName can lead to deserialization. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.56% probability of exploitation · percentile 42.1% · 2026-06-19T12:03:05Z
Published: 2025-09-21
Last modified: 2026-04-29

Underlying weaknesses · 2

CWE-20, CWE-502

References

  1. https://github.com/jeecgboot/jimureport/issues/4117
  2. https://github.com/jeecgboot/jimureport/issues/4117#issue-3391268438
  3. https://vuldb.com/?ctiid.325127
  4. https://vuldb.com/?id.325127
  5. https://vuldb.com/?submit.649778

| Type | Target | CWE | Confidence | Tier |
|---|---|---|---|---|
| Weakness | Improper Input Validation | cwe-20 | 0% | live |
| Weakness | Deserialization of Untrusted Data | cwe-502 | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-8963
  2. CVE-2025-66913
  3. CVE-2025-10707
  4. CVE-2026-11457
  5. CVE-2025-14908
  6. CVE-2026-1746

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.