CVE-2025-10770 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2025-10770?

CVE-2025-10770 has a CVSS score of 6.3 (MEDIUM). This vulnerability allows remote attackers to exploit a deserialization flaw in jeecgboot JimuReport's MySQL JDBC handler. Attackers can execute arbitrary code by manipulating the /drag/onlDragDataSource/testConnection endpoint. All systems running vulnerable versions of JimuReport are affected.

📋 TL;DR

This vulnerability allows remote attackers to exploit a deserialization flaw in jeecgboot JimuReport's MySQL JDBC handler. Attackers can execute arbitrary code by manipulating the /drag/onlDragDataSource/testConnection endpoint. All systems running vulnerable versions of JimuReport are affected.

💻 Affected Systems

Products:

jeecgboot JimuReport

Versions: Up to version 2.1.2

Operating Systems: All platforms running Java

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the MySQL JDBC handler component; any system with the vulnerable endpoint exposed is at risk.

📦 What is this software?

Jimureport by Jeecg

View all CVEs affecting Jimureport →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠

Likely Case

Remote code execution allowing attackers to gain unauthorized access, exfiltrate sensitive data, or deploy malware.

🟢

If Mitigated

Limited impact if network segmentation, input validation, and proper access controls prevent exploitation.

🌐 Internet-Facing: HIGH - Remote exploitation is possible and public exploit exists, making internet-facing instances prime targets.

🏢 Internal Only: MEDIUM - Internal systems remain vulnerable but require initial network access; risk increases if attackers breach perimeter.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploit is publicly available; remote exploitation without authentication is possible via the vulnerable endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 2.1.3 or later

Vendor Advisory: https://github.com/jeecgboot/jimureport/issues/4116

Restart Required: No

Instructions:

1. Update JimuReport to version 2.1.3 or later. 2. Download from official repository. 3. Replace existing installation files. 4. Verify the update.

🔧 Temporary Workarounds

Block Vulnerable Endpoint

all

Restrict access to the /drag/onlDragDataSource/testConnection endpoint using network controls or web application firewall.

Input Validation

all

Implement strict input validation and sanitization for JDBC connection parameters to prevent deserialization attacks.

🧯 If You Can't Patch

Isolate the JimuReport instance in a segmented network to limit potential lateral movement.
Implement strict network access controls to allow only trusted IPs to access the vulnerable endpoint.

🔍 How to Verify

Check if Vulnerable:

Check the JimuReport version; if it's 2.1.2 or earlier, the system is vulnerable. Review application logs for suspicious access to /drag/onlDragDataSource/testConnection.

Check Version:

Check the application configuration or deployment files for version information; no universal command exists.

Verify Fix Applied:

Confirm the JimuReport version is 2.1.3 or later. Test the endpoint with safe inputs to ensure proper handling.

📡 Detection & Monitoring

Log Indicators:

Unusual requests to /drag/onlDragDataSource/testConnection
Java deserialization errors in logs
Unexpected process execution

Network Indicators:

Suspicious traffic to the vulnerable endpoint from untrusted sources
Anomalous outbound connections post-exploit

SIEM Query:

source="jimureport.log" AND (uri="/drag/onlDragDataSource/testConnection" OR message="*deserialization*")

📊 Metadata

CVE ID: CVE-2025-10770

CVSS v3 Score: 6.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-20

EPSS Score: 0.08% exploit probability (24.2th percentile)

Published: September 21, 2025

Last Updated: October 8, 2025

🔗 References

https://github.com/jeecgboot/jimureport/issues/4116 Exploit,Issue Tracking,Third Party Advisory
https://github.com/jeecgboot/jimureport/issues/4116#issue-3391107887 Exploit,Issue Tracking,Third Party Advisory
https://vuldb.com/?ctiid.325126 Permissions Required,VDB Entry
https://vuldb.com/?id.325126 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.649755 Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-10770, you might also want to check these: