Client requested to address the JasperReports Server vulnerability CVE-2025-10492

Article ID: 427053

Products

CA Service Management - Service Desk Manager

Issue/Introduction

The client reported the following vulnerability while accessing the reporting module that is integrated with CA Service Management 17.4:

Jaspersoft Library Deserialisation Vulnerability
Original release date: September 16, 2025
Last revised: ---
CVE-2025-10492
Source: Jaspersoft

Environment

Release: CA Service Management 17.4
JasperReports Server 9.0.0

Resolution

This vulnerability is addressed by applying the hotfix, which can be downloaded from the link below.

The JasperReports Server cumulative hotfix T5UG598.caz, with APAR No: 99112550, is published externally.
APAR No: 99112550
https://support.broadcom.com/web/ecx/solutiondetails?aparNo=99112550&os=WINDOWS-ALL

Note: Review the readme file. This vulnerability is listed there as "JRL-2039 - Enable deserialization class filter".

Additional Information

https://community.jaspersoft.com/advisories/jaspersoft-security-advisory-september-16-2025-jaspersoft-library-cve-2025-10492-r6/