Full Report
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild. The vulnerability, CVE-2025-61932 (CVSS v4 score: 9.3), impacts on-premises versions of Lanscope Endpoint Manager, specifically Client
Analysis Summary
# Vulnerability: Critical Arbitrary Code Execution in Motex Lanscope Endpoint Manager
## CVE Details
- CVE ID: CVE-2025-61932
- CVSS Score: 9.3 (Critical, based on CVSS v4 score)
- CWE: Improper verification of source of a communication channel (Inferred)
## Affected Systems
- Products: Motex Lanscope Endpoint Manager (On-premises versions: Client program and Detection Agent)
- Versions: 9.4.7.1 and earlier
- Configurations: Not specified; the flaw affects on-premises installations.
## Vulnerability Description
The vulnerability is an improper verification of the source of a communication channel. This flaw allows a remote, unauthenticated attacker to execute arbitrary code on susceptible systems by sending specially crafted network packets to the Lanscope Endpoint Manager components.
## Exploitation
- Status: Exploited in the wild (Confirmed by CISA addition to KEV catalog)
- Complexity: Not explicitly detailed, but remote code execution via network packets suggests potentially low to medium complexity for network-aware attackers.
- Attack Vector: Network
## Impact
- Confidentiality: High (Likely through RCE)
- Integrity: High (Likely through RCE)
- Availability: High (Likely through RCE)
## Remediation
### Patches
Patches are available. Users should upgrade to one of the following fixed versions:
- 9.3.2.7
- 9.3.3.9
- 9.4.0.5
- 9.4.1.5
- 9.4.2.6
- 9.4.3.8
- 9.4.4.6
- 9.4.5.4
- 9.4.6.3
- 9.4.7.3
### Workarounds
No specific workarounds are detailed; immediate patching is urged due to active exploitation.
## Detection
- Indicators of compromise: Motex confirmed a customer received a malicious packet suspected of targeting this vulnerability. Specific packet signatures or anomalous network traffic directed at Lanscope services should be investigated.
- Detection methods and tools: Monitor network traffic directed at Lanscope Endpoint Manager services for suspicious or malformed packets. Full patch deployment status should be verified using inventory tools.
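
One way to verify patch deployment against the fixed versions listed under Patches, as an added example (not Motex or CISA tooling). The inventory CSV layout, host names and status labels are constructed; treating the first three version components as a release branch is an assumption drawn from the fixed-version list.

```python
import csv
import io

# Fixed builds from the Patches list, keyed by release branch (first three components).
FIXED = {
    (9, 3, 2): 7, (9, 3, 3): 9, (9, 4, 0): 5, (9, 4, 1): 5, (9, 4, 2): 6,
    (9, 4, 3): 8, (9, 4, 4): 6, (9, 4, 5): 4, (9, 4, 6): 3, (9, 4, 7): 3,
}
LAST_AFFECTED = (9, 4, 7, 1)  # "9.4.7.1 and earlier"

def parse_version(text):
    """Parse a four-part dotted version; return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Map a reported client/agent version to a triage status."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"  # cannot be verified: inspect the host manually
    branch, build = v[:3], v[3]
    if branch in FIXED:
        # Assumption: any build below the branch's fixed build needs the update.
        return "patched" if build >= FIXED[branch] else "vulnerable"
    if v <= LAST_AFFECTED:
        return "vulnerable-no-branch-fix"  # affected range, no fix listed for this branch
    return "unlisted"  # newer than anything on the page: confirm with the vendor advisory

# Constructed sample inventory export (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,lanscope_version
ws-001,9.4.7.1
ws-002,9.4.7.3
ws-003,9.3.2.6
ws-004,9.4.3.8
ws-005,9.2.1.0
ws-006,9.4.5
ws-007,9.5.0.0
"""

def triage(csv_text):
    """Return {host: status} for every row of the inventory export."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["lanscope_version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Hosts reported as `unknown` or `unlisted` are not cleared by this check and need manual confirmation.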
## References
- Vendor Advisories: Motex notice (https://www.motex.co.jp/news/notice/2025/release251020/)
- CISA KEV Catalog (https://www.cisa.gov/news-events/alerts/2025/10/22/cisa-adds-one-known-exploited-vulnerability-catalog)
- JVN Advisory (https://jvn.jp/en/jp/JVN86318557/index.html)