Path Traversal Vulnerability in Lanscope Endpoint Manager by Motex
CVE-2026-25785

9.3CRITICAL

Key Information:

Vendor: Motex Inc.
Status: Lanscope Endpoint Manager (on-premises) Sub-manager Server
Vendor: CVE Published:; 25 February 2026

What is CVE-2026-25785?

A path traversal vulnerability exists in Lanscope Endpoint Manager's On-Premises Sub-Manager Server, specifically in versions 9.4.7.3 and earlier. This flaw allows attackers to manipulate file paths, which can lead to unauthorized access and execution of arbitrary code on the affected system. Organizations using these versions are advised to take immediate actions to mitigate potential risks stemming from this vulnerability.

Affected Version(s)

Lanscope Endpoint Manager (On-Premises) Sub-Manager Server Ver.9.4.7.3 and earlier

References

https://www.motex.co.jp/news/notice/2026/release260225/

https://jvn.jp/en/jp/JVN79096585/

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 25, 2026
Vulnerability Reserved
Feb 16, 2026

CVE-2026-25785 Data

JSON

Motex Inc.

What is CVE-2026-25785?

Affected Version(s)

References

CVSS V4

CVSS V3.0

Timeline