Hitachi Energyβs Asset Suite versions prior to 9.8 are vulnerable to a Java deserialization flaw exploited through Jasper Report, risking remote code execution. Proper mitigation and network security practices are essential to protect critical energy infrastructure from potential attacks. #JasperReport #DeserializationVulnerability
Keypoints
- The vulnerability affects Hitachi Energy Asset Suite versions 9.7 and earlier.
- CVE-2025-10492 pertains to a deserialization flaw in the Jaspersoft library used by Asset Suite.
- Exploiting this flaw can enable remote attackers to execute arbitrary code remotely.
- Hitachi Energy recommends network segmentation, firewall protections, and secure remote access measures.
- Organizations should stay updated on security advisories and conduct thorough risk assessments.
Read More: https://www.cisa.gov/news-events/ics-advisories/icsa-26-008-01