Urgent Patch: Critical Lanscope Endpoint Manager RCE (CVE-2025-61932, CVSS 9.8) Under Active Exploitation
Ddos 
JPCERT/CC and the developer MOTEX Inc. have issued an urgent advisory for a critical remote code execution (RCE) vulnerability in Lanscope Endpoint Manager (On-Premises), tracked as CVE-2025-61932 with a CVSS v3 score of 9.8 (Critical). The flaw, caused by improper verification of communication channel sources (CWE-940), is actively exploited in the wild, with MOTEX confirming that at least one customer has already been targeted.
According to the advisory, “Lanscope Endpoint Manager (On-Premises) provided by MOTEX Inc. contains a vulnerability that leads to arbitrary code execution due to improper verification of source of a communication channel (CWE-940).”
The vulnerability affects the Client Program (MR) and Detection Agent (DA) components in versions 9.4.7.1 and earlier of Lanscope Endpoint Manager (On-Premises).
Exploitation requires no user interaction. JPCERT/CC explains that “a specially crafted packet sent by an attacker could cause arbitrary code execution in the affected products.”
This makes the vulnerability particularly dangerous for enterprise networks where Lanscope agents communicate across distributed endpoints. An attacker who successfully exploits CVE-2025-61932 could execute malicious code with system-level privileges, potentially leading to network compromise, data theft, or ransomware deployment.
MOTEX has verified that “MOTEX Inc. has confirmed the case that its customer received a malicious packet suspected to target this vulnerability.”
MOTEX has released updated builds addressing CVE-2025-61932 and strongly urges all customers to update immediately. Until organizations can deploy the patch, MOTEX recommends applying interim workarounds.
Donate