diff --git a/advisories/unreviewed/2025/09/GHSA-7c3f-cg9x-f3gr/GHSA-7c3f-cg9x-f3gr.json b/advisories/unreviewed/2025/09/GHSA-7c3f-cg9x-f3gr/GHSA-7c3f-cg9x-f3gr.json
index 3b9b3956ae543..d935fd61b01cd 100644
--- a/advisories/unreviewed/2025/09/GHSA-7c3f-cg9x-f3gr/GHSA-7c3f-cg9x-f3gr.json
+++ b/advisories/unreviewed/2025/09/GHSA-7c3f-cg9x-f3gr/GHSA-7c3f-cg9x-f3gr.json
@@ -6,26 +6,51 @@
 "aliases": [
 "CVE-2025-10492"
 ],
+ "summary": "JasperReports Java Deserialisation Vulnerability",
 "details": "A Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library",
 "severity": [
- {
- "type": "CVSS_V3",
- "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
- },
 {
 "type": "CVSS_V4",
- "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"
+ }
+ ],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Maven",
+ "name": "net.sf.jasperreports:jasperreports"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "last_affected": "7.0.3"
+ }
+ ]
+ }
+ ]
 }
 ],
- "affected": [],
 "references": [
 {
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10492"
 },
+ {
+ "type": "WEB",
+ "url": "https://github.com/Jaspersoft/jasperreports/issues/542"
+ },
 {
 "type": "WEB",
 "url": "https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6"
+ },
+ {
+ "type": "PACKAGE",
+ "url": "https://github.com/Jaspersoft/jasperreports"
 }
 ],
 "database_specific": {
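Review bot: The new `affected` range ends with `{ "last_affected": "7.0.3" }` and carries no `fixed` event, so consumers of this record will flag every `net.sf.jasperreports:jasperreports` release from `0` through 7.0.3 without an upgrade target to recommend, and will treat any later release as unaffected by default. The hunk does not show whether a patched release exists; if the linked Jaspersoft advisory names one, the event should read `{ "fixed": "<FIXED_VERSION>" }` (placeholder), and `"introduced": "0"` is worth confirming against the oldest release that actually contains the vulnerable deserialisation path. Separately, the removed CVSS 3.1 vector rated the issue `PR:N` while the retained CVSS 4.0 vector says `PR:L`; the privilege requirement should be checked against the vendor advisory, because it changes how urgently deployments that accept unauthenticated input need to be triaged.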