Summary
Hitachi Energy is aware of a Jasper Report vulnerability that affects the Asset Suite product versions mentioned in this document below. This vulnerability can be exploited to carry out remote code execution (RCE) attack on the product. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation.
The following versions of Hitachi Energy Asset Suite are affected:
- Asset Suite (CVE-2025-10492)
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 9.8 | Hitachi Energy | Hitachi Energy Asset Suite | Deserialization of Untrusted Data |
Background
- Critical Infrastructure Sectors: Energy
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Switzerland
Vulnerabilities
CVE-2025-10492
A vulnerability exists in Jasper Report third party component of Asset Suite. A Java deserialization vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library.
Affected Products
Hitachi Energy Asset Suite
Hitachi Energy
Asset Suite versions 9.7 and prior
known_affected
Remediations
Vendor fix
Update to version 9.8
Mitigation
Restrict the loading of external custom reports created by end
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: