The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical vulnerability in Motex LANSCOPE Endpoint Manager that is being actively exploited in ongoing cyberattacks. The flaw, tracked as CVE-2025-61932, has been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog, confirming its real-world abuse by malicious actors. Rated critical in severity, the vulnerability is described as an “improper verification of source of a communication channel,” which a remote, unauthenticated attacker can leverage to execute arbitrary code on vulnerable systems by sending specially crafted packets. This potentially allows attackers to gain complete control over managed endpoints, posing a significant risk of data theft, network compromise, or the deployment of ransomware.
The flaw affects on-premises versions of LANSCOPE Endpoint Manager, including the Client program (MR) and the Detection Agent (DA), in versions 9.4.7.1 and earlier. While the endpoint management solution is most widely adopted in Japan and other parts of Asia, the severity of the flaw demands immediate global attention. The vendor, Motex, has released security updates to address the issue and urges all users to upgrade to one of the patched versions, such as 9.4.7.3. CISA’s inclusion of the flaw in the KEV Catalog requires all U.S. Federal Civilian Executive Branch (FCEB) agencies to remediate the vulnerability by November 12, 2025, underscoring the urgency of the threat. All organizations, regardless of sector, are strongly advised to prioritize patching to defend their networks against these active exploitation attempts. This incident highlights the persistent danger posed by zero-day and newly disclosed flaws in widely deployed enterprise management tools, which are high-value targets for attackers seeking deep network access.
















