CISA Confirms Active Exploitation of Critical Lanscope Endpoint Manager Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog. According to the agency, the flaw has been actively exploited in the wild, posing a significant risk to organizations using unpatched versions.

Identified as CVE-2025-61932 and rated 9.3 (CVSS v4), the vulnerability impacts on-premises deployments of Lanscope Endpoint Manager, particularly its Client Program and Detection Agent components. Successful exploitation could allow attackers to execute arbitrary code on vulnerable systems.

CISA highlighted that the flaw stems from improper verification of the source of a communication channel, enabling attackers to send maliciously crafted packets that trigger remote code execution.

Motex has released patches addressing this issue in the following versions:

  • 9.3.2.7
  • 9.3.3.9
  • 9.4.0.5
  • 9.4.1.5
  • 9.4.2.6
  • 9.4.3.8
  • 9.4.4.6
  • 9.4.5.4
  • 9.4.6.3
  • 9.4.7.3

The vulnerability affects all builds up to version 9.4.7.1.
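
The fixed builds above are per release branch, so a single "is the version at least 9.3.2.7" comparison misclassifies hosts. The following added example (not Motex or CISA code) triages a version inventory branch by branch; the hostnames and inventory rows are constructed, and treating each listed build as the fix for its own branch (first three version components) is an assumption.

```python
# Fixed builds and last affected build as listed in the article.
FIXED_BUILDS = ["9.3.2.7", "9.3.3.9", "9.4.0.5", "9.4.1.5", "9.4.2.6",
                "9.4.3.8", "9.4.4.6", "9.4.5.4", "9.4.6.3", "9.4.7.3"]
LAST_AFFECTED = "9.4.7.1"  # "all builds up to version 9.4.7.1"

def parse(version):
    """Turn '9.4.0.5' into (9, 4, 0, 5); raises ValueError on junk."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected four components: {version!r}")
    return parts

# Assumption: each fixed build patches its own branch (first three components).
FIXED_BY_BRANCH = {parse(v)[:3]: parse(v) for v in FIXED_BUILDS}

def classify(version):
    """Return 'patched', 'vulnerable', 'review' or 'unknown' for one build."""
    try:
        v = parse(version)
    except ValueError:
        return "unknown"
    fixed = FIXED_BY_BRANCH.get(v[:3])
    if fixed is not None:
        # Conservative: anything below the branch's fixed build needs the update.
        return "patched" if v >= fixed else "vulnerable"
    if v <= parse(LAST_AFFECTED):
        return "vulnerable"  # older branch with no fixed build in the list
    return "review"          # newer than anything the article covers

def triage(rows):
    """Group 'host,version' rows by status."""
    result = {}
    for row in rows:
        host, _, version = row.partition(",")
        result.setdefault(classify(version), []).append(host.strip())
    return result

# Constructed inventory export (host,version).
SAMPLE_INVENTORY = [
    "ws-001,9.4.0.4",   # passes a naive ">= 9.3.2.7" check, still vulnerable
    "ws-002,9.4.0.5",
    "ws-003,9.3.2.7",
    "ws-004,9.2.1.0",
    "ws-005,9.4.7.1",
    "ws-006,unknown",
]
```

Hosts returned under `review` or `unknown` need a manual check against the vendor advisory rather than being counted as patched.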

While specific details about attack methods, threat actors, or scale of exploitation remain unclear, Japan Vulnerability Notes (JVN) reported that Motex had confirmed at least one customer received a malicious packet suspected of targeting this flaw.

Furthermore, JPCERT/CC acknowledged observing unauthorized packets directed at certain ports within Japanese customer environments since April 2025, confirming that exploitation is ongoing.

Based on current intelligence, attackers appear to be using this vulnerability to install backdoors on compromised systems, granting them persistent access and potential lateral movement within affected networks.