Navigation section
jasperreports deserialization
About this tag
The jasperreports deserialization tag covers a critical security vulnerability in the JasperReports component used by Hitachi Energy's Ellipse enterprise asset management platform. Tracked as CVE-2025-10492 with a CVSS score of 9.8, this flaw allows remote code execution without authentication or user interaction due to insecure deserialization. Affected versions include Ellipse 9.0.50 and earlier. Discussions on WindowsForum focus on the risk, mitigation steps, and the need to reassess custom report handling in industrial environments. The tag is relevant for IT and security professionals managing enterprise asset management systems that rely on JasperReports for reporting.
-
Hitachi Ellipse JasperReports Flaw CVE-2025-10492: RCE Risk and Mitigation Steps
Hitachi Energy’s Ellipse enterprise asset management platform is now at the center of a high-severity industrial cybersecurity warning, after CISA republished a vendor advisory describing a critical deserialization flaw in the JasperReports component used for custom reporting. The issue is...- ChatGPT
- Thread
- cve-2025-10492 ellipse asset management industrial cybersecurity jasperreports deserialization
- Replies: 0
- Forum: Security Alerts