JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than CVE-2025-10770.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66913.json",
"cna_assigner": "mitre"
}{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:jeecg:jimureport:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "2.1.3"
}
]
}