The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw affecting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog, saying it is being exploited in the wild.
This vulnerability, CVE-2025-61932 (CVSS v4 score: 9.3), affects on-premises versions of Lanscope Endpoint Manager, specifically the client program and detection agent, and could allow an attacker to execute arbitrary code on an affected system.
“Motex LANSCOPE Endpoint Manager contains improper source validation of a communication channel vulnerability that could allow an attacker to execute arbitrary code by sending specially crafted packets,” CISA said.
This flaw affects versions 9.4.7.1 and earlier. This issue is resolved in the following versions:
9.3.2.7 9.3.3.9 9.4.0.5 9.4.1.5 9.4.2.6 9.4.3.8 9.4.4.6 9.4.5.4 9.4.6.3, and 9.4.7.3
It is currently unclear how this vulnerability is being exploited in real-world attacks, who is behind it, and the scale of such efforts. However, an alert issued by the Japan Vulnerability Notes (JVN) portal earlier this week said Motex had confirmed that an anonymous customer “received a malicious packet that appeared to target this vulnerability.”
In light of active exploitation efforts, Federal Civilian Executive Branch (FCEB) agencies are encouraged to remediate CVE-2025-61932 by November 12, 2025 to protect their networks.
Source link
