GHSA-7c3f-cg9x-f3gr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7c3f-cg9x-f3gr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/09/GHSA-7c3f-cg9x-f3gr/GHSA-7c3f-cg9x-f3gr.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7c3f-cg9x-f3gr
- Aliases
-
- CVE-2025-10492
- Published
- 2025-09-16T18:31:27Z
- Modified
- 2026-03-09T22:01:24.684716Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- JasperReports has a Java deserialisation vulnerability
- Details
-
A Java deserialisation vulnerability has been discovered in the Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library.
- Database specific
{ "nvd_published_at": "2025-09-16T17:15:40Z", "cwe_ids": [ "CWE-502" ], "github_reviewed_at": "2026-01-09T19:55:24Z", "github_reviewed": true, "severity": "HIGH" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-10492
- https://github.com/Jaspersoft/jasperreports/issues/542
- https://github.com/Jaspersoft/jasperreports/commit/3541a3e2b1ad8b78388ac505091da75cb652a647
- https://github.com/Jaspersoft/jasperreports/commit/827c2f27c4ca8e2c5b3142d76df9c1c8575f3569
- https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6
- https://community.jaspersoft.com/forums/topic/69926-cve-2025-10492-%E2%80%93-no-fix-available-after-jasperreports-upgrade-community-edition
- https://github.com/Jaspersoft/jasperreports
Affected packages
Maven / net.sf.jasperreports:jasperreports
Package
- Name
- net.sf.jasperreports:jasperreports
- View open source insights on deps.dev
- Purl
- pkg:maven/net.sf.jasperreports/jasperreports
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.0.4
Affected versions
3.*
3.6.0
3.6.1
3.6.2
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.7.5
3.7.6
4.*
4.0.0
4.0.1
4.0.2
4.1.1
4.1.2
4.1.3
4.5.0
4.5.1
4.6.0
4.7.0
4.7.1
4.8.0
5.*
5.0.0
5.0.1
5.0.4
5.1.0
5.1.2
5.2.0
5.5.0
5.5.1
5.5.2
5.6.0
5.6.1
6.*
6.0.0
6.0.2
6.0.3
6.0.4
6.1.0
6.1.1
6.2.0
6.2.1
6.2.2
6.3.0
6.3.1
6.4.0
6.4.1
6.4.3
6.5.0
6.5.1
6.6.0
6.7.0
6.7.1
6.8.0
6.8.1
6.9.0
6.10.0
6.11.0
6.12.0
6.12.1
6.12.2
6.13.0
6.14.0
6.15.0
6.16.0
6.17.0
6.18.0
6.18.1
6.19.0
6.19.1
6.20.0
6.20.1
6.20.2
6.20.3
6.20.4
6.20.5
6.20.6
6.21.0
6.21.2
6.21.3
6.21.4
6.21.5
7.*
7.0.0
7.0.1
7.0.2
7.0.3