🟡 CVE-2025-61932

Critical vulnerability in Motex Lanscope Endpoint Manager allowing remote code execution through improper verification of incoming network requests. Active exploitation confirmed with CISA KEV listing.

Risk Level: MEDIUM_RISK

CVSS Score: 9.8

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: MEDIUM

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: MEDIUM

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-10-20

Added to CISA KEV: 2025-10-22 (2 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2025-10-22)

CVE-2025-61932 is a critical vulnerability affecting Motex LANSCOPE Endpoint Manager (On-Premises), with a CVSS score of 9.8, indicating a severe risk [2][5].

Here's a breakdown of what is known about its exploitation:

  • Affected Applications/Services: The vulnerability affects internet-facing applications and services, specifically the Client program (MR) and Detection agent (DA) of the on-premise edition of LANSCOPE Endpoint Manager [3][1]. The Cloud Edition is not affected [5].
  • Active Exploitation: There is evidence of active exploitation in the wild [6][7].
  • Attack Vectors/Exploitation Methods: The vulnerability stems from improper verification of the origin of incoming network requests [1][3]. Attackers can exploit this by sending specially crafted packets to execute arbitrary code [3]. The attack does not require user interaction or special privileges [5][2].
  • Targeted Attacks: While the provided information confirms active exploitation, it does not specifically detail whether CVE-2025-61932 has been used in targeted attacks.
  • CISA KEV Status: CVE-2025-61932 has been added to the CISA Known Exploited Vulnerabilities Catalog, demanding immediate intervention [4][7].
  • Technical Details/Internet Exploitability: The vulnerability is due to improper verification of communication channel sources (CWE-940) [4][6]. It has low attack complexity and requires no privileges, making it an easy target for cybercriminals [2].

Sources

  1. CVE-2025-61932 - Exploits & Severity - Feedly

    NVD published the first details for CVE-2025-61932. CVE-2025-61932 9.8 Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing attackers to perform unauthorized actions. CVE-2025-11948 9.8 Document Management…

  2. CVE-2025-61932 Security Vulnerability & Exploit Details

    The exploitability of CVE-2025-61932 depends on two key factors: attack complexity (the level of effort required to execute an exploit) and privileges required (the access level an attacker needs). Exploitability Analysis for CVE-2025-61932 With low attack complexity and no required privileges, CVE-…

  3. CVE-2025-61932 : Lanscope Endpoint Manager (On-Premises) (Client ...

    Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.

  4. Known Exploited Vulnerabilities Catalog

    CVE-2025-61932. Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability: · Related CWE: CWE-940. Known To Be ...

  5. LANSCOPE Endpoint Manager Flaw Allows Remote Code Execution

    The attack does not require user interaction, meaning systems are at risk even if no one clicks on a suspicious link or opens an email attachment. For organizations using Endpoint Manager On-Premise Edition, the risk is urgent, while users of the Cloud Edition remain unaffected. The vulnerability ca…