AI description
CVE-2025-10492 is a Java deserialization vulnerability identified in the Jaspersoft Library. This flaw stems from the improper handling of externally supplied data during the deserialization process, which can allow attackers to execute arbitrary code remotely on systems utilizing the affected library. The vulnerability impacts various Jaspersoft products, including JasperReports Library (Community & Professional editions), JasperReports Server, JasperReports Studio, and JasperReports IO editions. Exploitation typically involves providing malicious JRXML report templates or compiled `.jasper` report templates, which, when loaded and deserialized by the application, can lead to remote code execution.
- Description
- A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library
- Source
- db6d2600-d19b-4111-a010-f3c4ed70cd50
- NVD status
- Modified
- Products
- jasperreports_io, jasperreports_library, jasperreports_server, jasperreports_studio, jasperreports_web_studio
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Hype score
- Not currently trending
๐ #CyberSecurity Critical CVE-2025-10492: Mitigating Unauthenticated RCE in Hitachi Energy Ellipโฆ "Security teams managing Operational Technology (OT) and Critical Manufacturing environmentsโฆ" ๐ https://t.co/I80reOj0LP #CyberSecurity #ThreatIntel #vulnerability #cve
@SecurityAr58409
15 Apr 2026
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers exploiting CVE-2025-10492 in Hitachi Energy's Ellipse platform can achieve unauthenticated remote code execution, then escalate privileges and move laterally across enterprise networks. Runtime segmentation helps limit blast radius when critical infrastructure systems
@aviatrixtrc
3 Apr 2026
131 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
โ ๏ธ **Vulnerability Alert:** Jaspersoft Java Deserialization RCE in Hitachi Energy Ellipse (CVE-2025-10492) ๐ **CVE-2025-10492** | ๐ CVSS: 9.8 (Critical ๐ด) | ๐ EPSS: 59.43% ๐ ๏ธ **Exploit Maturity:** Not Available ๐ **Affected Versions:** Ellipse <= 9.0.
@syedaquib77
2 Apr 2026
140 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
โ ๏ธ **Vulnerability Alert:** Hitachi Energy Ellipse Jaspersoft Java Deserialization Remote Code Execution ๐ **Timeline:** Disclosure: N/A, Patch: N/A ๐ **CVE-2025-10492** | ๐ CVSS: 9.8 (Critical ๐ด) | ๐ EPSS: 59.43% ๐ ๏ธ **Exploit Maturity:** Not Available
@syedaquib77
2 Apr 2026
92 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
โ ๏ธ **Vulnerability Alert:** Hitachi Energy Ellipse Jaspersoft Java Deserialization RCE (CVE-2025-10492) ๐ **Timeline:** Disclosure: Not Available; Patch: Not Available ๐ **CVE-2025-10492** | ๐ CVSS: 9.8 (Critical ๐ด) | ๐ EPSS: 59.43% ๐ ๏ธ **Exploit Maturity
@syedaquib77
2 Apr 2026
127 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
โ ๏ธ **Vulnerability Alert:** Hitachi Energy Ellipse - Jaspersoft Java Deserialization RCE (CVE-2025-10492) ๐ **Timeline:** Disclosure: Unknown, Patch: Unknown ๐ **CVE-2025-10492** | ๐ CVSS: 9.8 (Critical ๐ด) | ๐ EPSS: 59.43% ๐ ๏ธ **Exploit Maturity:** Not Av
@syedaquib77
2 Apr 2026
130 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
โ ๏ธ **Vulnerability Alert:** Multiple ICS Vulnerabilities: Hitachi Ellipse JasperReports RCE; Siemens SICAM 8 DoS/Out-of-bounds; Yokogawa CENTUM VP Hard-coded Password ๐ **Timeline:** Disclosure: unknown, Patch: unknown ๐ **CVE-2025-10492** | ๐ CVSS: 9.8 (Critical
@syedaquib77
2 Apr 2026
94 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
โ ๏ธ **Vulnerability Alert:** Jaspersoft (Jasper Report) Java Deserialization RCE in Hitachi Energy Ellipse (CVE-2025-10492) ๐ **Timeline:** Not Available ๐ **CVE-2025-10492** | ๐ CVSS: 9.8 (Critical ๐ด) | ๐ EPSS: 59.43% ๐ ๏ธ **Exploit Maturity:** Not Availab
@syedaquib77
2 Apr 2026
115 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
โ ๏ธ **Vulnerability Alert:** Multiple ICS Vulnerabilities: Hitachi Energy Ellipse JasperReports RCE; Siemens SICAM 8 DoS (XML parsing/resource exhaustion); Yokogawa CENTUM VP hard-coded PROG password ๐ **Timeline:** Disclosure: 2025-09-16, Patch: 2026-03-30 ๐ **CVE-2025
@syedaquib77
2 Apr 2026
138 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hitachi Energy Asset Suite versions 9.7 and earlier have a Java deserialization flaw (CVE-2025-10492) via Jasper Report, allowing remote code execution. Network segmentation and firewalls are recommended. #EnergySecurity #JavaFlaw #USA https://t.co/D4cOzDmDjd
@TweetThreatNews
10 Jan 2026
111 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-10492: How a Third-Party Library Exposed the Core of Hitachi Energyโs Asset Suite Read the full report on - https://t.co/nFTJbZBkXy https://t.co/8YQkQYhNNd
@cyberbivash
10 Jan 2026
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Jaspersoft Jasper Reports JRLoader Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2025-10492) #CVE202510492 #CyberSecurity #Jaspersoft #RemoteCodeExecutionVulnerability https://t.co/SFQXdf0pAb https://t.co/dKSqohi3pd
@SystemTek_UK
11 Oct 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-10492 Java Deserialization Remote Code Execution in Jaspersoft Library https://t.co/Mqc2zYye0A
@VulmonFeeds
17 Sept 2025
74 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cloud:jasperreports_io:*:*:*:*:at-scale:*:*:*",
"matchCriteriaId": "EE18AC5A-0750-49DD-8C60-051E2CC4BF21",
"versionEndIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloud:jasperreports_io:*:*:*:*:professional:*:*:*",
"matchCriteriaId": "80E88A74-1650-4F7F-8C27-1F1E4340097B",
"versionEndIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloud:jasperreports_library:*:*:*:*:community:*:*:*",
"matchCriteriaId": "F0F18644-0B89-4515-9932-9AD934F4EF44",
"versionEndIncluding": "7.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloud:jasperreports_library:*:*:*:*:professional:*:*:*",
"matchCriteriaId": "B578C57A-08E7-48BA-AD70-0F70AC76CE1E",
"versionEndIncluding": "9.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloud:jasperreports_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7395E03-A986-433C-9079-B6907D0542CA",
"versionEndIncluding": "9.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloud:jasperreports_studio:*:*:*:*:community:*:*:*",
"matchCriteriaId": "39679BD0-F934-425C-86DC-9DDB0818AE63",
"versionEndIncluding": "7.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloud:jasperreports_studio:*:*:*:*:professional:*:*:*",
"matchCriteriaId": "546BE369-B456-42EB-B962-FC3DC131AE98",
"versionEndIncluding": "9.0.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cloud:jasperreports_web_studio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79081F65-FE87-440C-B7BE-3F7D6069646B",
"versionEndIncluding": "3.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]