CVE-2025-66913
Severity: CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
JimuReport through version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. This is a different vulnerability from CVE-2025-10770.
Analysis
JimuReport through 2.1.3 is exposed to RCE via user-controlled H2 JDBC URLs. The application passes attacker-supplied JDBC connection strings directly to the H2 driver, which honours connection-string directives that execute arbitrary Java code. A PoC is publicly available.
Technical Context
User-controlled JDBC URLs are passed to the H2 database driver without sanitization (CWE-94). H2 accepts INIT=RUNSCRIPT and other directives in the connection string and executes them during connection initialization, so anyone who controls the URL controls code execution in the application's JVM. This is a well-known attack vector against applications that let users define H2 data sources.
Affected Products
JimuReport through 2.1.3
Remediation
Update JimuReport to a fixed release. Do not pass user-supplied JDBC URLs to a driver unchanged: validate them against an allowlist of known data sources and reject any H2 connection-string settings (INIT and similar) that are not explicitly permitted. Run the application's database connections under a dedicated account with minimal privileges so that a compromised data source cannot reach other data.
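The allowlist check described above, written as an added example in Java (it is not JimuReport's code and assumes nothing about its internals). The class name `JdbcUrlPolicy`, the method `isAllowed`, the allowlisted locators and the permitted H2 settings are all constructed for illustration; a real deployment would load the locator list from its own configuration. The policy splits the URL at `;` (the separator H2 uses for connection settings), requires the part before the first `;` to match a configured data source exactly, and for H2 accepts only a short list of harmless setting keys, so `INIT` and every unknown key is refused.

```java
import java.util.Locale;
import java.util.Set;

/**
 * Added example, not JimuReport's code: fail-closed allowlist for user-supplied JDBC URLs.
 * Assumption: the application knows the exact data sources it may open, and H2 only ever
 * needs a small, fixed set of connection settings.
 */
public final class JdbcUrlPolicy {

    /** Constructed allowlist of database locators (the text before the first ';'). */
    private static final Set<String> ALLOWED_LOCATORS = Set.of(
            "jdbc:h2:./data/reports",
            "jdbc:postgresql://db.internal:5432/reports");

    /** H2 setting keys that may follow the locator; INIT is deliberately absent. */
    private static final Set<String> ALLOWED_H2_SETTINGS = Set.of("MODE", "DB_CLOSE_DELAY");

    private JdbcUrlPolicy() {}

    /**
     * Returns true only for a URL whose locator is allowlisted and, for H2, whose
     * trailing settings are all on the permitted list. Anything unexpected is rejected.
     */
    public static boolean isAllowed(String url) {
        if (url == null || url.isEmpty()) {
            return false;
        }
        // Keep empty trailing fields so "jdbc:h2:db;" (dangling separator) is visible.
        String[] parts = url.split(";", -1);
        String locator = parts[0];
        if (!ALLOWED_LOCATORS.contains(locator)) {
            return false; // exact, case-sensitive match: no prefix tricks, no unknown targets
        }
        boolean isH2 = locator.toLowerCase(Locale.ROOT).startsWith("jdbc:h2:");
        if (!isH2) {
            // Non-H2 allowlisted URLs must be used exactly as listed, with no extra settings.
            return parts.length == 1;
        }
        for (int i = 1; i < parts.length; i++) {
            String setting = parts[i];
            if (setting.isEmpty()) {
                return false; // empty field from ";;" or a trailing ';'
            }
            int eq = setting.indexOf('=');
            if (eq <= 0) {
                return false; // every setting must be KEY=VALUE
            }
            // H2 setting names are case-insensitive, so normalise before the lookup.
            String key = setting.substring(0, eq).trim().toUpperCase(Locale.ROOT);
            if (!ALLOWED_H2_SETTINGS.contains(key)) {
                return false; // INIT and any other unlisted directive land here
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: the first two should pass, the rest should be refused.
        String[] samples = {
            "jdbc:h2:./data/reports",
            "jdbc:h2:./data/reports;MODE=MySQL",
            "jdbc:h2:./data/reports;INIT=RUNSCRIPT FROM 'init.sql'",
            "jdbc:h2:./data/reports;init=RUNSCRIPT FROM 'init.sql'",
            "jdbc:h2:mem:scratch",
            "jdbc:postgresql://db.internal:5432/reports;MODE=MySQL",
            null
        };
        for (String s : samples) {
            System.out.println((isAllowed(s) ? "ALLOW  " : "REJECT ") + s);
        }
    }
}
```

Calling `isAllowed` before the URL ever reaches `DriverManager.getConnection` (or the connection pool) is the point: the driver is never asked to interpret a string the application has not already recognised. Logging every rejection with the offending key gives the SOC a direct detection signal for attempts to smuggle `INIT` or similar directives into a data-source definition.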