CVE-2025-10771

6.3 MEDIUM

📋 TL;DR

This vulnerability in jeecgboot JimuReport allows remote attackers to execute arbitrary code through deserialization attacks via the DB2 JDBC Handler component. It affects JimuReport versions up to 2.1.2. Organizations using vulnerable versions with internet-facing instances are at highest risk.

💻 Affected Systems

Products:
  • jeecgboot JimuReport
Versions: Up to and including 2.1.2
Operating Systems: All platforms running Java
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the DB2 JDBC Handler component specifically. Requires the vulnerable endpoint to be accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data exfiltration, and lateral movement within the network.

🟠

Likely Case

Remote code execution allowing attackers to gain unauthorized access, manipulate data, or disrupt reporting services.

🟢

If Mitigated

Limited impact if proper network segmentation and input validation controls are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploit details have been publicly disclosed but no public proof-of-concept code is confirmed. Attack can be executed remotely without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 2.1.3 or later

Vendor Advisory: https://github.com/jeecgboot/jimureport/issues/4117

Restart Required: Yes

Instructions:

1. Upgrade JimuReport to version 2.1.3 or later.
2. Restart the application server.
3. Verify the patch is applied by checking the version.

🔧 Temporary Workarounds

Network Access Control (all platforms)

  • Restrict access to the vulnerable endpoint /drag/onlDragDataSource/testConnection
  • Use firewall rules to block external access to the vulnerable endpoint

Input Validation (all platforms)

  • Implement input validation for the clientRerouteServerListJNDIName parameter
  • Configure WAF rules to block deserialization payloads

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Deploy web application firewall with deserialization attack detection rules

🔍 How to Verify

Check if Vulnerable:

Check JimuReport version. If version is 2.1.2 or earlier, the system is vulnerable.

Check Version:

Check application configuration files or admin interface for version information

Verify Fix Applied:

Verify that the JimuReport version is 2.1.3 or later and confirm that the vulnerable endpoint is no longer exploitable.

📡 Detection & Monitoring

Log Indicators:

  • Unusual requests to /drag/onlDragDataSource/testConnection
  • Java deserialization errors in application logs
  • Unexpected Java class loading

Network Indicators:

  • HTTP POST requests to vulnerable endpoint with serialized payloads
  • Unusual outbound connections from application server

SIEM Query:

source="application_logs" AND (uri="/drag/onlDragDataSource/testConnection" OR message="*deserialization*")
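As an added example (not part of this advisory or the JimuReport project), a Python script that applies the log indicators above to constructed sample lines: it flags requests to the vulnerable endpoint in a combined-format access log, records whether the clientRerouteServerListJNDIName parameter appears in the query string, counts hits per source address, and pulls deserialization-related errors out of the application log. The access-log layout, the deserialization marker strings and the sample lines are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory above.
VULN_PATH = "/drag/onlDragDataSource/testConnection"
SUSPECT_PARAM = "clientRerouteServerListJNDIName"
# Combined log format (Apache/Nginx); the exact shape of your logs is an assumption.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+')
# Strings that typically appear in Java application logs when deserialization fails.
DESER_MARKERS = ("ObjectInputStream", "InvalidClassException", "readObject", "deserializ")

def scan_access_log(lines):
    """One finding per request that reached the vulnerable endpoint."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        parts = urlsplit(m.group("target"))
        if parts.path != VULN_PATH:
            continue
        findings.append({
            "ip": m.group("ip"), "ts": m.group("ts"),
            "method": m.group("method"), "status": int(m.group("status")),
            # Query-string occurrence only: POST bodies are not in access logs.
            "suspect_param": SUSPECT_PARAM in parse_qs(parts.query),
        })
    return findings

def scan_app_log(lines):
    """Application-log lines carrying a deserialization marker."""
    return [l for l in lines if any(mk in l for mk in DESER_MARKERS)]

def sources_by_hits(findings):
    """Hits per client address, to surface repeated probing from one source."""
    return Counter(f["ip"] for f in findings)

# Constructed sample lines (not real traffic).
ACCESS_LOG = [
    '203.0.113.7 - - [12/Oct/2025:10:01:02 +0000] "POST /drag/onlDragDataSource/testConnection?clientRerouteServerListJNDIName=x HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Oct/2025:10:01:05 +0000] "POST /drag/onlDragDataSource/testConnection HTTP/1.1" 500 88',
    '198.51.100.2 - - [12/Oct/2025:10:02:00 +0000] "GET /jmreport/list HTTP/1.1" 200 2048',
]
APP_LOG = [
    "2025-10-12 10:01:05 ERROR DB2 handler: java.io.InvalidClassException: filter status REJECTED",
    "2025-10-12 10:02:00 INFO report list served",
]
```

Feed real access and application logs through scan_access_log and scan_app_log, and treat a source with several endpoint hits alongside a deserialization error at the same time as a strong signal.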
