I have found an urgent advisory regarding CVE-2025-61932, a critical Remote Code Execution (RCE) vulnerability discovered in LANSCOPE Endpoint Manager (On-Premises), developed by Motex Inc. (Japan). This advisory was published on October 20, 2025.
This is a live threat: the vulnerability has been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog, confirming that it is being actively exploited in the wild. Organizations globally must prioritize patching this issue immediately.
🚨 Technical Summary: Severe Risk and Impact
This vulnerability poses a grave risk, allowing remote attackers to achieve complete system compromise.
The core issue stems from Improper Verification of Source of a Communication Channel (CWE-940). An attacker can execute arbitrary code by sending specially crafted packets to a vulnerable endpoint.
| Detail | Source Information |
|---|---|
| CVE Identifier | CVE-2025-61932 |
| Affected Product | LANSCOPE Endpoint Manager (On-Premises) |
| Affected Components | Client (MR) and Detection Agent (DA) components |
| Exploit Vector | Remote, over TCP port 443 (HTTPS) |
| Criticality Score | CVSS v4.0 Score: 9.3 (Critical); CVSS v3.x Score: 9.8 (Critical) |
| Impact | Complete system compromise. Confidentiality, integrity, and availability are all at high risk. Attackers gain full control of endpoints. |
| Confirmed Exploitation | First observed exploited in the wild around April 2025. Exploitation may be used to drop an unspecified backdoor on compromised systems. |
Global Relevance and Official Directives
While LANSCOPE is widely used in Japan and Asia for corporate IT governance, global exposure is confirmed, particularly among organizations in Europe (Germany, the Netherlands, and the U.K.) and North America.
Official agencies are treating this as an emergency:
- CISA Mandate: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) requires all U.S. federal agencies to remediate CVE-2025-61932 by November 12, 2025.
- Regional Confirmation: The Japan CERT (JPCERT/CC) reported confirmed cases in which domestic customer environments received unauthorized packet traffic consistent with the exploit.
Compliance Risks (Especially for European Organizations)
For organizations in Europe, including Germany and the EU, this RCE capability presents a severe cybersecurity and compliance risk.
- GDPR Violations: Unauthorized data access resulting from compromise could trigger GDPR violations, exposing companies to heavy penalties.
- Operational Risk: System compromise can disrupt business operations and facilitate lateral movement to compromise domain controllers or confidential data stores.
✅ Immediate Action: Mitigation and Patching Steps
System administrators must prioritize rapid patching.
Step 1: Identify and Upgrade Affected Systems
The vulnerability affects all versions up to 9.4.7.1.
Immediately verify if LANSCOPE Endpoint Manager (On-Premises) is deployed and check the exact version numbers.
Upgrade all affected Client (MR) and Detection Agent (DA) components to one of the following patched versions or newer:
| Fixed Version List |
|---|
| 9.3.2.7 |
| 9.3.3.9 |
| 9.4.0.5 |
| 9.4.1.5 |
| 9.4.2.6 |
| 9.4.3.8 |
| 9.4.4.6 |
| 9.4.5.4 |
| 9.4.6.3 |
| 9.4.7.3 (or later) |
(Note: While the Management Server component is reported as unaffected, patching it as a precaution is recommended.)
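To turn the fixed-version list into a repeatable check, the following added example (not from Motex or the advisory) triages an endpoint inventory. It assumes each fixed build applies to the release branch sharing its first three version components; the inventory rows and host names are constructed.

```python
# Fixed builds copied from the list above.
FIXED_BUILDS = ["9.3.2.7", "9.3.3.9", "9.4.0.5", "9.4.1.5", "9.4.2.6",
                "9.4.3.8", "9.4.4.6", "9.4.5.4", "9.4.6.3", "9.4.7.3"]

def parse(version):
    """Turn 'a.b.c.d' into a tuple of four ints; raise ValueError otherwise."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected four numeric components: {version!r}")
    return parts

# Assumption: a fixed build covers the branch with the same first three components.
FIXED_BY_BRANCH = {parse(v)[:3]: parse(v) for v in FIXED_BUILDS}
NEWEST_FIXED = max(FIXED_BY_BRANCH.values())

def classify(version):
    """Return 'patched', 'vulnerable' or 'unknown' for one MR/DA version string."""
    try:
        v = parse(version)
    except ValueError:
        return "unknown"      # unparseable value: verify the host by hand
    if v >= NEWEST_FIXED:
        return "patched"      # 9.4.7.3 or later
    fixed = FIXED_BY_BRANCH.get(v[:3])
    if fixed is not None and v >= fixed:
        return "patched"      # at or above the fix for its own branch
    return "vulnerable"       # below the branch fix, or branch has no listed fix

def triage(inventory):
    """inventory: iterable of (host, component, version); return rows needing action."""
    rows = ((host, comp, ver, classify(ver)) for host, comp, ver in inventory)
    return [row for row in rows if row[3] != "patched"]

# Constructed sample inventory (hypothetical hosts).
SAMPLE = [("pc-001", "MR", "9.4.7.1"), ("pc-002", "MR", "9.4.7.3"),
          ("pc-003", "DA", "9.3.3.8"), ("pc-004", "DA", "not reported")]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row)
```

Versions on a branch with no listed fix are reported as vulnerable so that they are reviewed rather than silently passed.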
Step 2: Restrict Network Access (If Immediate Patching is Delayed)
If LANSCOPE endpoints are accessible from external networks, take immediate temporary mitigation steps:
- Limit access to trusted IPs or VPN users only.
- Temporarily disable external connectivity on TCP 443 until the update is confirmed and applied.
Step 3: Monitoring, Validation, and Internal Communication
- Monitor: Review server and endpoint logs for unusual activity. Look specifically for suspicious inbound connections or crafted HTTPS packets on port 443. Check for Indicators of Compromise (IoCs) shared by Motex or security vendors.
- Validate: After applying updates, test system stability and verify that no endpoints remain exposed to public access.
- Strengthen Security: Enforce strong authentication, least privilege configurations, endpoint firewalls, and continuous monitoring.
- Communicate: Notify your IT Security and Compliance teams immediately and set a clear patch deadline, preferably before November 12, 2025.
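The access restriction in Step 2 and the log review in Step 3 can be checked together. This added example (not part of the advisory) counts accepted inbound TCP 443 connections that reach LANSCOPE endpoints from outside the trusted ranges; the log layout, addresses and ranges are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumptions: trusted internal/VPN ranges and the hosts running MR or DA.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/28")]
LANSCOPE_ENDPOINTS = {"10.20.1.15", "10.20.1.16"}

# Assumed firewall log layout: "<time> <ACCEPT|DROP> TCP <src>:<port> -> <dst>:<port>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) TCP "
                     r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

def untrusted_443(lines):
    """Count accepted 443 connections to LANSCOPE endpoints from untrusted sources."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "ACCEPT" or m["dport"] != "443":
            continue                      # malformed, blocked, or another port
        if m["dst"] not in LANSCOPE_ENDPOINTS:
            continue                      # not a managed endpoint
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue                      # not a valid address; skip the line
        if not any(src in net for net in TRUSTED_NETS):
            hits[(m["src"], m["dst"])] += 1
    return hits

# Constructed sample log lines.
SAMPLE_LOG = """\
2025-10-21T03:14:07Z ACCEPT TCP 203.0.113.45:51512 -> 10.20.1.15:443
2025-10-21T03:14:09Z ACCEPT TCP 203.0.113.45:51513 -> 10.20.1.15:443
2025-10-21T03:15:00Z ACCEPT TCP 10.20.0.5:40022 -> 10.20.1.15:443
2025-10-21T03:16:41Z DROP TCP 198.51.100.7:44100 -> 10.20.1.16:443
2025-10-21T03:17:02Z ACCEPT TCP 192.0.2.4:50311 -> 10.20.1.16:443
2025-10-21T03:18:30Z ACCEPT TCP 198.51.100.7:44101 -> 10.20.1.16:8443
""".splitlines()

if __name__ == "__main__":
    for (src, dst), count in untrusted_443(SAMPLE_LOG).items():
        print(f"{src} -> {dst}:443 accepted {count} time(s) from outside trusted ranges")
```

Any non-empty result means the Step 2 restriction is not in effect for that endpoint and the host should be reviewed.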
About LANSCOPE Endpoint Manager
LANSCOPE Endpoint Manager is an enterprise endpoint management and security solution used to monitor, manage, and protect corporate devices. Developed by Motex Inc. (Japan), its key features include Asset Management, User Activity Monitoring, Patch & Policy Management, and Access Control & Device Auditing. It is vital for corporate IT governance, endpoint visibility, and data loss prevention.
Conclusion:
CVE-2025-61932 is a critical, actively exploited vulnerability. Proactive measures, strict access control, real-time monitoring, and rapid patching are essential to prevent remote compromise and reduce exposure worldwide.