CVE-2025-10492: JasperReports has a Java deserialisation vulnerability
A Java deserialisation vulnerability has been discovered in the Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library.
Detect and mitigate CVE-2025-10492 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.