CNNVD-202509-3198 Information

CNNVD ID

CNNVD-202509-3198

Related CVE

CVE-2025-10771

• CNNVD Published: 2025-09-21

Description (Chinese)

JimuReport是中国JEECG开源的一个免费报表工具。 JimuReport 2.1.2及之前版本存在代码问题漏洞，该漏洞源于组件DB2 JDBC Handler中文件/drag/onlDragDataSource/testConnection对参数clientRerouteServerListJNDIName的操作不当，可能导致远程反序列化攻击。

Description (English)

JimuReport is a free-of-charge reporting tool for JeECG in China. JimuReport 2.1.2 and previous versions had a code problem loophole, which stemmed from the inappropriate operation of the document/drag/onlDragDarataSource/testConnect against the parameter clintRerouteServerListJNDiName in component DB2 JDBC Handler, which could lead to a remote anti-serialization attack.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Jehovahs Witnesses

Published

2025-09-21

Last Modified

2026-02-24

References

https://github.com/jeecgboot/jimureport/issues/4117#issue-3391268438 https://vuldb.com/?ctiid.325127 https://vuldb.com/?submit.649778 https://vuldb.com/?id.325127 https://access.redhat.com/security/cve/cve-2025-10771

Patch

https://jimureport.com/