ZDI-25-948: Jaspersoft Jasper Reports JRLoader Deserialization of Untrusted Data Remote Code Execution Vulnerability
Zero Day Initiative Advisories (published)
2025-10-07 13:00:00
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Jaspersoft Jasper Reports. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2025-10492.