CVE-2025-10771

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-10771

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-10771.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-10771

Published

2025-09-21T23:15:35.150Z

Modified

2025-11-16T12:23:54.289957Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to deserialization. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

References

Affected packages

Git / github.com/jeecgboot/jimureport

Affected ranges

Type: GIT
Repo: https://github.com/jeecgboot/jimureport
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

14617d38e3c261c00fd1da54ca8d8552aa427232

Affected versions

v1.*

v1.5.6

v1.5.9

v1.6.0

v1.6.1

v1.6.2

v1.6.2-GA5

v1.6.4

v1.6.5

v1.6.6

v1.7.0

v1.7.2

v1.7.4

v1.7.52

v1.7.8

v1.8.0

v1.8.1

v1.9.0

v1.9.1

v1.9.3

v1.9.4

v2.*

v2.0.0

v2.1.0

v2.1.1

v2.1.2