CVE-2025-10492

CRITICAL

Cloud Jasperreports IO < 4.0.0 - Insecure Deserialization

Title source: rule

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-10492. PoCs published by adminlove520, dovezp.

AI-analyzed exploit summary The repository contains a scanner for CVE-2024-21762, which checks for the presence of the vulnerability in Fortinet SSL VPN interfaces. It includes Python scripts that send crafted HTTP requests to detect if a target is vulnerable.

Description

A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library

Exploits (2)

github SCANNER 2 stars

by adminlove520 · pythonpoc

https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-10492

View Code ZIP pw:eip

The repository contains a scanner for CVE-2024-21762, which checks for the presence of the vulnerability in Fortinet SSL VPN interfaces. It includes Python scripts that send crafted HTTP requests to detect if a target is vulnerable.

Classification

Scanner 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Fortinet SSL VPN

No auth needed

Prerequisites: network access to the target · Python environment

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 27, 2026 Full analysis →

nomisec STUB

by dovezp · poc

https://github.com/dovezp/CVE-2025-10492-POC

View Code ZIP pw:eip

The repository contains only a README.md file with minimal content, lacking any exploit code or technical details. It appears to be a placeholder or incomplete PoC for CVE-2025-10492.

Classification

Stub 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: unknown

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory

https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6/

Various Sources

https://community.jaspersoft.com/forums/topic/69926-cve-2025-10492-%E2%80%93-no-fix-available-after-jasperreports-upgrade-community-edition

Scores

CVSS v3 9.8

EPSS 0.0087

EPSS Percentile 75.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-502

Status published

Products (8)

cloud/jasperreports_io < 4.0.0 (2 CPE variants)

cloud/jasperreports_library < 7.0.3

cloud/jasperreports_library < 9.0.2

cloud/jasperreports_server < 9.0.0

cloud/jasperreports_studio < 7.0.3

cloud/jasperreports_studio < 9.0.2

cloud/jasperreports_web_studio < 3.0.1

net.sf.jasperreports/jasperreports 0Maven

Published Sep 16, 2025

Tracked Since Feb 18, 2026