CRITICAL
Jaspersoft
CVE published 2025-12-09
CVE-2025-10492
CVE-2025-10492 is a critical Java deserialization vulnerability in a third-party JasperReports/Jaspersoft component used by Hitachi Energy Ellipse for custom reports. According to the advisory, improperly handled externally supplied data could let an attacker execute arbitrary code remotely on affected systems. CISA’s advisory was initially released on 2026-02-24 and republished on 2026-04-02 with the ven [truncated]