Improper Request Verification in Lanscope Endpoint Manager by Motex
CVE-2025-61932
Key Information:
- Vendor
Motex Inc.
- Vendor
- CVE Published:
- 20 October 2025
Badges
What is CVE-2025-61932?
CVE-2025-61932 is a vulnerability found in Lanscope Endpoint Manager, a tool developed by Motex Inc. designed to manage and secure endpoint devices within an organization. This vulnerability arises from improper request verification within the software's Client program and Detection agent components. By exploiting this flaw, an attacker can craft specially formulated packets to impersonate legitimate requests, allowing them to execute arbitrary code on the affected systems. The implications of this flaw are significant; if successfully exploited, it could lead to unauthorized access, manipulation of system configurations, and even full system takeover, thereby jeopardizing the integrity and confidentiality of sensitive organizational data.
Potential Impact of CVE-2025-61932
-
Arbitrary Code Execution: Attackers can execute arbitrary code on compromised systems, leading to unauthorized access and control over critical resources within the organization. This could result in severe operational disruptions and data compromise.
-
Data Breach Risks: Sensitive information could be exposed or manipulated due to the lack of proper request verification, furthering the risk of data theft and loss of customer trust.
-
System Integrity Threats: The ability to send specially crafted packets undermines the sanitization of input, making systems more susceptible to additional attacks, including malware deployment and lateral movement within the network.
CISA has reported CVE-2025-61932
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-61932 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) Ver.9.4.7.1 and earlier
News Articles
CVE-2025-61932 Exploitation: A New Critical Motex LANSCOPE Endpoint Manager Vulnerability Used in Real-World Attacks
Analysis of CVE-2025-61932 RCE in Motex LANSCOPE Endpoint Manager with active exploitation reports, investigation focus, mitigation steps, and incident response guidance.
3 weeks ago
Bronze Butler APT Exploits 0-Day Bug to Root Japan Orgs
A critical security issue in a popular endpoint manager allowed Chinese state-sponsored attackers to backdoor Japanese businesses.
China-linked hackers exploited Lanscope flaw as a zero-day in attacks
China-linked cyber-espionage actors tracked as 'Bronze Butler' (Tick) exploited a Motex Lanscope Endpoint Manager vulnerability as a zero-day to deploy an updated version of their Gokcpdoor malware.
References
EPSS Score
7% chance of being exploited in the next 30 days.
CVSS V4
CVSS V3.0
Timeline
- ๐ฐ
Used in Ransomware
- ๐พ
Exploit known to exist
- ๐ฆ
CISA Reported
- ๐ฐ
First article discovered by GBHackers News
Vulnerability published
Vulnerability Reserved