
CVE-2025-66913: n/a

0
Critical
Published: Thu Jan 08 2026 (01/08/2026, 00:00:00 UTC)
Source: CVE Database V5

Description

JimuReport through version 2.1.3 is vulnerable to remote code execution when processing user-controlled H2 JDBC URLs. The application passes the attacker-supplied JDBC URL directly to the H2 driver, allowing the use of certain directives to execute arbitrary Java code. This is a different vulnerability than CVE-2025-10770.

AI-Powered Analysis

Last updated: 01/08/2026, 19:54:23 UTC

Technical Analysis

CVE-2025-66913 is a critical remote code execution (RCE) vulnerability affecting JimuReport versions through 2.1.3. The root cause lies in the application's unsafe processing of user-controlled H2 JDBC URLs. JimuReport directly passes these attacker-supplied JDBC URLs to the H2 database driver without adequate validation or sanitization. The H2 driver supports certain directives within the JDBC URL that can be abused to execute arbitrary Java code on the host system. This means an attacker can craft a malicious JDBC URL that, when processed by JimuReport, triggers execution of arbitrary commands or code in the Java runtime environment. This vulnerability is distinct from CVE-2025-10770, indicating a separate attack vector. Exploitation does not require authentication or user interaction, making it highly dangerous. The vulnerability impacts confidentiality by allowing data access or exfiltration, integrity by enabling code injection or modification, and availability by potentially causing system crashes or persistent backdoors. No official patches or workarounds are currently listed, and no public exploits have been observed yet. However, the nature of the vulnerability suggests that exploitation could be straightforward for attackers familiar with H2 JDBC URL manipulation. Organizations using JimuReport for business intelligence or reporting should consider this a high priority risk.

Potential Impact

For European organizations, the impact of CVE-2025-66913 could be severe. JimuReport is often used in enterprise environments for generating reports and analyzing data, which may include sensitive or regulated information. Successful exploitation could lead to unauthorized access to confidential data, manipulation of reports, or complete system compromise. This could result in data breaches, regulatory non-compliance (e.g., GDPR violations), financial losses, and reputational damage. Additionally, attackers could leverage this vulnerability to establish persistent footholds within networks, facilitating further lateral movement or ransomware deployment. The lack of authentication and user interaction requirements increases the risk of automated exploitation attempts, especially on internet-facing instances. European sectors such as finance, healthcare, manufacturing, and government agencies that rely on reporting tools are particularly vulnerable. The potential for widespread impact is heightened by the integration of JimuReport in various IT ecosystems across Europe.

Mitigation Recommendations

Immediate mitigation steps include restricting access to JimuReport interfaces that process JDBC URLs, ideally limiting them to trusted internal networks. Implement strict input validation and sanitization on all user-supplied JDBC URL parameters to prevent malicious directives from being processed. Monitor logs for suspicious JDBC URL patterns or unusual database driver activity. If possible, disable or sandbox the H2 database driver features that allow execution of arbitrary code via JDBC URLs. Organizations should engage with JimuReport vendors or maintainers to obtain patches or updates addressing this vulnerability. Until patches are available, consider deploying web application firewalls (WAFs) with custom rules to detect and block malicious JDBC URL payloads. Conduct thorough security assessments and penetration testing focused on this attack vector. Educate developers and administrators about the risks of passing user-controlled inputs directly to database drivers. Finally, maintain robust incident response plans to quickly contain and remediate any exploitation attempts.
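
One way to implement the input validation recommended above, as an added example (not JimuReport or H2 code): rather than blocklisting individual directives, accept only approved database locations and an allowlist of URL settings before the string reaches the driver. The class name, approved locations and permitted settings are assumptions chosen for illustration.

```java
import java.util.List;
import java.util.Locale;
import java.util.Set;

/** Hypothetical allowlist check for user-supplied H2 JDBC URLs (not JimuReport code). */
public class H2JdbcUrlPolicy {
    private static final String PREFIX = "jdbc:h2:";
    // Assumed policy: the only database locations an administrator has approved.
    private static final Set<String> ALLOWED_LOCATIONS =
            Set.of("mem:reports", "tcp://db.internal.example/reports");
    // Assumed policy: the only URL settings a user may supply.
    private static final Set<String> ALLOWED_SETTINGS = Set.of("MODE", "DB_CLOSE_DELAY", "IFEXISTS");

    /** Returns null when the URL may be handed to the driver, else the rejection reason. */
    public static String rejectReason(String url) {
        if (url == null || !url.startsWith(PREFIX)) return "not an H2 JDBC URL";
        // H2 lets a backslash escape ';' inside a URL. Refusing backslashes and control
        // characters keeps this split identical to the one the driver will perform.
        if (url.chars().anyMatch(c -> c == '\\' || c < 0x20 || c == 0x7f))
            return "escape or control character";
        String[] parts = url.substring(PREFIX.length()).split(";", -1);
        if (!ALLOWED_LOCATIONS.contains(parts[0])) return "location not approved";
        for (int i = 1; i < parts.length; i++) {
            int eq = parts[i].indexOf('=');
            if (eq <= 0) return "malformed setting";
            // Setting names are case-insensitive in H2, so compare upper-cased.
            String name = parts[i].substring(0, eq).toUpperCase(Locale.ROOT);
            if (!ALLOWED_SETTINGS.contains(name)) return "setting not allowed: " + name;
            if (!parts[i].substring(eq + 1).matches("[A-Za-z0-9_-]{1,32}"))
                return "unexpected value for " + name;
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        List<String> samples = List.of(
                "jdbc:h2:mem:reports;MODE=MySQL;DB_CLOSE_DELAY=-1",
                "jdbc:h2:mem:reports;mode=PostgreSQL",
                "jdbc:h2:mem:reports;UNLISTED_SETTING=1",
                "jdbc:h2:file:/tmp/other",
                "jdbc:h2:mem:reports;MODE=MySQL\\;X=1");
        for (String s : samples) {
            String why = rejectReason(s);
            System.out.println((why == null ? "ALLOW   " : "REJECT  ") + s
                    + (why == null ? "" : "  <- " + why));
        }
    }
}
```

Where users never need to supply H2 URLs at all, rejecting the `jdbc:h2:` prefix outright is the simpler policy.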


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-12-08T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 696007e501d35e5d0ca11105

Added to database: 1/8/2026, 7:39:17 PM

Last enriched: 1/8/2026, 7:54:23 PM

Last updated: 1/9/2026, 1:25:44 PM
