Urgent Patch: Critical Lanscope Endpoint Manager RCE (CVE-2025-61932, CVSS 9.8) Under Active Exploitation
Ddos 
JPCERT/CC and the developer MOTEX Inc. have issued an urgent advisory for a critical remote code execution (RCE) vulnerability in Lanscope Endpoint Manager (On-Premises), tracked as CVE-2025-61932 with a CVSS v3 score of 9.8 (Critical). The flaw, caused by improper verification of communication channel sources (CWE-940), is actively exploited in the wild, with MOTEX confirming that at least one customer has already been targeted.
According to the advisory, βLanscope Endpoint Manager (On-Premises) provided by MOTEX Inc. contains a vulnerability that leads to arbitrary code execution due to improper verification of source of a communication channel (CWE-940).β
The vulnerability affects the Client Program (MR) and Detection Agent (DA) components in versions 9.4.7.1 and earlier of Lanscope Endpoint Manager (On-Premises).
Exploitation requires no user interaction. JPCERT/CC explains that βa specially crafted packet sent by an attacker could cause arbitrary code execution in the affected products.β
This makes the vulnerability particularly dangerous for enterprise networks where Lanscope agents communicate across distributed endpoints. An attacker who successfully exploits CVE-2025-61932 could execute malicious code with system-level privileges, potentially leading to network compromise, data theft, or ransomware deployment.
MOTEX has verified that βMOTEX Inc. has confirmed the case that its customer received a malicious packet suspected to target this vulnerability.β
MOTEX has released updated builds addressing CVE-2025-61932 and strongly urges all customers to update immediately. Until organizations can deploy the patch, MOTEX recommends applying interim workarounds.
Related Posts:
- Ivanti Patches Two High-Severity RCE Flaws in Endpoint Manager
- Urgent Security Alert: CISA Warns of Actively Exploited Apple and Microsoft Vulnerabilities
- Apache Tomcat Under Attack: Massive Brute-Force Campaign Targets Manager Interfaces
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
