CVE-2025-31672 Apache POI vulnerability in JasperReports Server 9.0

search cancel

CVE-2025-31672 Apache POI vulnerability in JasperReports Server 9.0

book

Article ID: 405584

calendar_today

Updated On:

Products

CA Service Management - Service Desk Manager CA Service Desk Manager

Issue/Introduction

The following vulnerability appears in JasperReports Server 9.0:

The version of Apache POI installed on the remote host is a version prior to 5.4.0. It is, therefore, affected by an improper input validation vulnerability.

Affected file: poi-4.1.1.jar

Environment

JasperReports Server 9.0 / Service Desk Manager 17.4 RU2

Cause

Apache POI version 4.1.1 is affected by CVE-2025-31672

Resolution

A fix is available to address. A newer JasperSoft cumulative hotfix has already been certified by L2 and is available for download from the Support Portal

Feedback

thumb_up Yes

thumb_down No