{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47654?format=json","vulnerability_id":"VCID-srct-m7p5-zfaj","summary":"JasperReports has a Java deserialisation vulnerability\nA Java deserialisation vulnerability has been discovered in the Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library.","aliases":[{"alias":"CVE-2025-10492"},{"alias":"GHSA-7c3f-cg9x-f3gr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/70113?format=json","purl":"pkg:maven/net.sf.jasperreports/jasperreports@7.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/net.sf.jasperreports/jasperreports@7.0.4"}],"affected_packages":[],"references":[{"reference_url":"https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6","reference_id":"","reference_type":"","scores":[],"url":"https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6"},{"reference_url":"https://community.jaspersoft.com/forums/topic/69926-cve-2025-10492-%E2%80%93-no-fix-available-after-jasperreports-upgrade-community-edition","reference_id":"","reference_type":"","scores":[],"url":"https://community.jaspersoft.com/forums/topic/69926-cve-2025-10492-%E2%80%93-no-fix-available-after-jasperreports-upgrade-community-edition"},{"reference_url":"https://github.com/Jaspersoft/jasperreports","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Jaspersoft/jasperreports"},{"reference_url":"https://github.com/Jaspersoft/jasperreports/commit/3541a3e2b1ad8b78388ac505091da75cb652a647","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Jaspersoft/jasperreports/commit/3541a3e2b1ad8b78388ac505091da75cb652a647"},{"reference_url":"https://github.com/Jaspersoft/jasperreports/commit/827c2f27c4ca8e2c5b3142d76df9c1c8575f3569","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Jaspersoft/jasperreports/commit/827c2f27c4ca8e2c5b3142d76df9c1c8575f3569"},{"reference_url":"https://github.com/Jaspersoft/jasperreports/issues/542","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Jaspersoft/jasperreports/issues/542"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10492","reference_id":"CVE-2025-10492","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10492"},{"reference_url":"https://github.com/advisories/GHSA-7c3f-cg9x-f3gr","reference_id":"GHSA-7c3f-cg9x-f3gr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7c3f-cg9x-f3gr"}],"weaknesses":[{"cwe_id":502,"name":"Deserialization of Untrusted Data","description":"The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-srct-m7p5-zfaj"}