Latest Cyber Security News

You are here: Home / General Cyber Security News / Critical Lanscope Endpoint Manager Bug Exploited in Ongoing Cyberattacks, CISA Confirms
October 23, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild.

The vulnerability, CVE-2025-61932 (CVSS v4 score: 9.3), impacts on-premises versions of Lanscope Endpoint Manager, specifically Client program and Detection Agent, and could allow attackers to execute arbitrary code on susceptible systems.

“Motex LANSCOPE Endpoint Manager contains an improper verification of source of a communication channel vulnerability, allowing an attacker to execute arbitrary code by sending specially crafted packets,” CISA said.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


CIS Build Kits

The flaw impacts versions 9.4.7.1 and earlier. It has been addressed in the versions below –

  • 9.3.2.7
  • 9.3.3.9
  • 9.4.0.5
  • 9.4.1.5
  • 9.4.2.6
  • 9.4.3.8
  • 9.4.4.6
  • 9.4.5.4
  • 9.4.6.3, and
  • 9.4.7.3

It’s currently not known how the vulnerability is being exploited in real-world attacks, who is behind them, or the scale of such efforts. However, an alert issued by the Japan Vulnerability Notes (JVN) portal earlier this week noted that Motex has confirmed an unnamed customer “received a malicious packet suspected to target this vulnerability.”

In light of active exploitation efforts, Federal Civilian Executive Branch (FCEB) agencies are recommended to remediate CVE-2025-61932 by November 12, 2025, to safeguard their networks.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *