CNNVD-202509-3199 Information

CNNVD ID

CNNVD-202509-3199

Related CVE

CVE-2025-10770

• CNNVD Published: 2025-09-21

Description (Chinese)

JimuReport是中国JEECG开源的一个免费报表工具。 JimuReport 2.1.2及之前版本存在代码问题漏洞，该漏洞源于MySQL JDBC Handler组件中文件/drag/onlDragDataSource/testConnection存在反序列化问题，可能导致远程攻击。

Description (English)

JimuReport is a free-of-charge reporting tool for JeECG in China. JimuReport 2.1.2 and previous versions had a code loophole, which originated in the document/drag/onlDragDarataSource/testConnect in MySQL JDBC Handler component and could lead to a remote attack.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Jehovahs Witnesses

Published

2025-09-21

Last Modified

2026-02-24

References

https://github.com/jeecgboot/jimureport/issues/4116#issue-3391107887 https://vuldb.com/?submit.649755 https://vuldb.com/?ctiid.325126 https://vuldb.com/?id.325126 https://access.redhat.com/security/cve/cve-2025-10770

Patch

https://jimureport.com/