Security Advisory

CVE-2025-66913

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-08 00:00:00

Last updated 2026-01-08 19:44:30

Assigner mitre

State PUBLISHED

Description

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than CVE-2025-10770.

← Browse all CVEs View on cve.org ↗