A critical security flaw has been identified in Motex LANSCOPE Endpoint Manager, a widely used tool for managing IT assets across networks. This vulnerability, designated as CVE-2025-61932, allows attackers to execute arbitrary code by sending specially crafted packets to the affected system. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed active exploitation of this flaw, adding it to its Known Exploited Vulnerabilities (KEV) catalog.
Understanding CVE-2025-61932
CVE-2025-61932 arises from improper verification of the source of a communication channel within LANSCOPE Endpoint Manager. This flaw enables unauthenticated attackers to send malicious packets that the system processes, leading to remote code execution. The vulnerability affects the Client Program (MR) and Detection Agent (DA) components in versions 9.4.7.1 and earlier of the on-premises edition. The cloud-based version remains unaffected.
Active Exploitation and Impact
Motex has reported instances where customer environments received unauthorized packets from external sources, indicating active exploitation. Japan’s JPCERT/CC has also observed similar activities since April 2025. The exploitation of this vulnerability poses significant risks, including potential data theft, ransomware deployment, and full system compromise.
Affected Versions and Patch Availability
The vulnerability impacts LANSCOPE Endpoint Manager versions 9.4.7.1 and earlier. Motex has released patches in the following versions:
– 9.3.2.7
– 9.3.3.9
– 9.4.0.5
– 9.4.1.5
– 9.4.2.6
– 9.4.3.8
– 9.4.4.6
– 9.4.5.4
– 9.4.6.3
– 9.4.7.3
Organizations are urged to update all client PCs to these patched versions immediately. The management server software is not affected and does not require an upgrade.
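The following is an added example, not code from Motex, CISA or the original article: it triages an inventory of MR/DA client versions against the fixed builds listed above. It assumes the first three version components identify a release line and the fourth is the build within it, which is why a single threshold comparison against 9.4.7.1 would misreport the patched 9.3.3.9 as vulnerable; the hostnames, inventory values and status labels are constructed for illustration.

```python
# Added example: triage client versions against the fixed builds listed above.
FIXED_VERSIONS = ["9.3.2.7", "9.3.3.9", "9.4.0.5", "9.4.1.5", "9.4.2.6",
                  "9.4.3.8", "9.4.4.6", "9.4.5.4", "9.4.6.3", "9.4.7.3"]

def parse(version):
    """Turn 'a.b.c.d' into a tuple of four ints, or raise ValueError."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {version!r}")
    return tuple(int(p) for p in parts)

# Assumption: the first three components name a release line and the fourth
# is the build within it, so each fixed version covers only its own line.
FIXED_BUILD = {parse(v)[:3]: parse(v)[3] for v in FIXED_VERSIONS}
NEWEST_FIXED = max(parse(v) for v in FIXED_VERSIONS)

def classify(version):
    """Return a triage status string for one reported client version."""
    try:
        v = parse(version)
    except ValueError:
        return "unparseable"
    line, build = v[:3], v[3]
    if line in FIXED_BUILD:
        return "patched" if build >= FIXED_BUILD[line] else "vulnerable"
    if v > NEWEST_FIXED:
        return "newer-than-advisory"    # release line not covered by the list
    return "vulnerable-no-fixed-build"  # older line with no fix listed: upgrade

def needs_action(inventory):
    """Return {host: status} for every client that is not confirmed patched."""
    report = {host: classify(ver) for host, ver in inventory.items()}
    return {host: s for host, s in report.items() if s != "patched"}

# Constructed inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = {
    "pc-001": "9.4.7.1",
    "pc-002": "9.4.7.3",
    "pc-003": "9.3.3.9",
    "pc-004": "9.4.0.1",
    "pc-005": "9.2.1.0",
    "pc-006": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(needs_action(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Clients reported as "unparseable" or "newer-than-advisory" need a manual check against the vendor advisory rather than an automatic pass.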
Mitigation Measures
To mitigate the risks associated with CVE-2025-61932, organizations should:
– Apply Patches Promptly: Update all affected systems to the patched versions provided by Motex.
– Monitor Network Traffic: Review network logs for suspicious or unexpected inbound packets.
– Restrict External Communications: Limit external communication channels to trusted sources only.
– Stay Informed: Continuously monitor advisories from CISA and other relevant cybersecurity authorities.
Conclusion
The exploitation of CVE-2025-61932 in Motex LANSCOPE Endpoint Manager underscores the critical importance of timely vulnerability management. Organizations must act swiftly to apply patches and implement recommended security measures to protect their systems from potential attacks.