Description

JimuReport thru version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. A different vulnerability than CVE-2025-10770.

INFO

Published Date :

2026-01-08T00:00:00.000Z

Last Modified :

2026-01-08T19:44:30.895Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-66913 vulnerability.

Vendors Products
Jeecg
  • Jimureport
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66913.

URL Resource
https://gist.github.com/Catherines77/f15d53e9705b24cf018e5bffed3e8234 cve-icon cve-icon
https://github.com/jeecgboot/jimureport/issues/4306 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact