CVE-2025-61932 – CVE-2025-61932 is a critical vulnerability in L... (How to Fix)

Q: What is the severity of CVE-2025-61932?

CVE-2025-61932 has a CVSS score of 9.8 (CRITICAL). CVE-2025-61932 is a critical vulnerability in Lanscope Endpoint Manager (On-Premises) that allows unauthenticated remote attackers to execute arbitrary code by sending specially crafted packets. This affects both the Client program (MR) and Detection agent (DA) components. Organizations using vulnerable versions of Lanscope Endpoint Manager are at risk of complete system compromise.

📋 TL;DR

CVE-2025-61932 is a critical vulnerability in Lanscope Endpoint Manager (On-Premises) that allows unauthenticated remote attackers to execute arbitrary code by sending specially crafted packets. This affects both the Client program (MR) and Detection agent (DA) components. Organizations using vulnerable versions of Lanscope Endpoint Manager are at risk of complete system compromise.

💻 Affected Systems

Products:

Lanscope Endpoint Manager (On-Premises)

Versions: Specific versions not detailed in references; all versions prior to patched release are likely affected

Operating Systems: Windows, Linux (for server components)

Default Config Vulnerable: ⚠️ Yes

Notes: Both Client program (MR) and Detection agent (DA) components are vulnerable. On-premises deployments only.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining administrative privileges, deploying ransomware, stealing sensitive data, and pivoting to other network systems.

🟠

Likely Case

Initial foothold leading to lateral movement, data exfiltration, and deployment of additional malware payloads.

🟢

If Mitigated

Limited impact if network segmentation and strict firewall rules prevent exploitation attempts.

🌐 Internet-Facing: HIGH

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

CISA has added this to their Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in references; check vendor advisory for exact version

Vendor Advisory: https://www.motex.co.jp/news/notice/2025/release251020/

Restart Required: Yes

Instructions:

1. Review vendor advisory at provided URL. 2. Download and apply the latest patch from Lanscope/Motex. 3. Restart affected Lanscope services. 4. Verify patch application.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate Lanscope management servers and agents from untrusted networks

Firewall Restrictions

all

Block unnecessary inbound traffic to Lanscope management ports

🧯 If You Can't Patch

Immediately isolate affected systems from production networks
Implement strict network access controls and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check Lanscope Endpoint Manager version against vendor advisory. Monitor for unexpected network connections to Lanscope services.

Check Version:

Check Lanscope console or agent properties for version information

Verify Fix Applied:

Verify patch installation through Lanscope management console and confirm version matches patched release.

📡 Detection & Monitoring

Log Indicators:

Unexpected process creation from Lanscope services
Authentication failures or unusual access patterns

Network Indicators:

Unusual outbound connections from Lanscope servers
Suspicious packet patterns to Lanscope management ports

SIEM Query:

source="lanscope*" AND (event_type="process_creation" OR dest_port="[lanscope_port]" AND protocol="TCP")

📊 Metadata

CVE ID: CVE-2025-61932

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-940

EPSS Score: 8.68% exploit probability (92.3th percentile)

CISA KEV: Actively Exploited added Oct 22, 2025

Published: October 20, 2025

Last Updated: October 23, 2025

🔗 References

https://jvn.jp/en/jp/JVN86318557/ Third Party Advisory
https://www.motex.co.jp/news/notice/2025/release251020/ Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61932 Third Party Advisory,US Government Resource

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-61932, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Lanscope Endpoint Manager by Motex

Lanscope Endpoint Manager by Motex

Lanscope Endpoint Manager by Motex

Lanscope Endpoint Manager by Motex

Lanscope Endpoint Manager by Motex

Lanscope Endpoint Manager by Motex

Lanscope Endpoint Manager by Motex

Lanscope Endpoint Manager by Motex

Lanscope Endpoint Manager by Motex

Lanscope Endpoint Manager by Motex

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Segmentation

Firewall Restrictions

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities