On October 23, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical security vulnerability affecting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild.
Vulnerability Details
The identified flaw, designated as CVE-2025-61932 with a CVSS v4 score of 9.3, impacts on-premises versions of Lanscope Endpoint Manager, specifically the Client program and Detection Agent. This vulnerability arises from improper verification of the source of a communication channel, enabling attackers to execute arbitrary code on vulnerable systems by sending specially crafted packets.
Affected Versions and Patches
Versions 9.4.7.1 and earlier are susceptible to this flaw. Motex has released patches in the following versions to address the issue:
– 9.3.2.7
– 9.3.3.9
– 9.4.0.5
– 9.4.1.5
– 9.4.2.6
– 9.4.3.8
– 9.4.4.6
– 9.4.5.4
– 9.4.6.3
– 9.4.7.3
Exploitation in the Wild
While specific details regarding the exploitation methods, perpetrators, and the scale of attacks remain unclear, reports indicate active abuse of this vulnerability. The Japan Vulnerability Notes (JVN) portal reported that Motex confirmed an incident where a customer received a malicious packet suspected to target this vulnerability. Additionally, Japan’s JPCERT/CC acknowledged instances of unauthorized packets being sent to certain ports in domestic customer environments, with activity noted after April 2025.
These incidents suggest that attackers may be exploiting the vulnerability to deploy backdoors on compromised systems, potentially granting them persistent access and control.
Recommendations and Mitigation
In response to the active exploitation, CISA recommends that Federal Civilian Executive Branch (FCEB) agencies remediate CVE-2025-61932 by November 12, 2025, to protect their networks. Organizations using Lanscope Endpoint Manager should promptly update to the patched versions listed above to mitigate the risk.
Broader Implications
This incident underscores the critical importance of timely patch management and vigilance in monitoring for vulnerabilities within endpoint management solutions. Such tools are integral to organizational security, and flaws within them can serve as gateways for attackers to infiltrate networks, deploy malware, and exfiltrate sensitive data.
Organizations are advised to implement comprehensive security measures, including regular vulnerability assessments, intrusion detection systems, and employee training on recognizing potential threats. Staying informed through reputable cybersecurity sources and adhering to advisories from agencies like CISA can significantly enhance an organization’s defense posture.
Conclusion
The exploitation of CVE-2025-61932 in Lanscope Endpoint Manager highlights the ever-present threat landscape and the necessity for proactive security practices. By promptly applying patches and maintaining robust security protocols, organizations can mitigate risks and safeguard their systems against potential cyberattacks.
