What is CVE-2025-10492?

CVE-2025-10492 is a vulnerability in Jaspersoft Jasperreports Io At-scale, classified under Deserialization of Untrusted Data. Published 2025-09-16.

Is CVE-2025-10492 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Deserialization in Jaspersoft Jasperreports Io At-scale

CVE-2025-10492

A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library

Vulnerability class: Insecure Deserialization

EPSS: 0.007 (71.4th percentile) — read the EPSS interpretation.

Affected products

Jaspersoft Jasperreports Io At-scale — versions 0
Jaspersoft Jasperreports Io Professional — versions 0
Jaspersoft Jasperreports Library Community Edition — versions 0
Jaspersoft Jasperreports Library Professional — versions 0
Jaspersoft Jasperreports Server — versions 0
Jaspersoft Jasperreports Web Studio — versions 0
Jaspersoft Studio Community Edition — versions 0
Jaspersoft Studio Professional — versions 0

Weakness classification (CWE)

CWE-502 — Deserialization of Untrusted Data

Public proof-of-concept exploits

nomi-sec/PoC-in-GitHub

References

community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2…

Frequently asked questions

What is CVE-2025-10492?: CVE-2025-10492 is a vulnerability in Jaspersoft Jasperreports Io At-scale, classified under Deserialization of Untrusted Data. Published 2025-09-16.
Is CVE-2025-10492 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.