CVE-2026-25785

9.8 CRITICAL

📋 TL;DR

A path traversal vulnerability in Lanscope Endpoint Manager (On-Premises) Sub-Manager Server allows attackers to access arbitrary files outside intended directories. This can lead to file tampering and remote code execution. Organizations using affected versions of this endpoint management software are at risk.

💻 Affected Systems

Products:
  • Lanscope Endpoint Manager (On-Premises) Sub-Manager Server
Versions: Ver.9.4.7.3 and earlier
Operating Systems: Windows Server (typically)
Default Config Vulnerable: ⚠️ Yes
Notes: Only On-Premises deployments are affected. Cloud/SaaS versions are not affected, according to the vendor.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with administrative privileges, data exfiltration, ransomware deployment, and lateral movement across the network.

🟠 Likely Case

Unauthorized file access leading to credential theft, configuration manipulation, and installation of backdoors or malware.

🟢 If Mitigated

Limited file access if proper network segmentation and file permissions are enforced, but still significant risk.

🌐 Internet-Facing: HIGH - If the Sub-Manager Server is exposed to the internet, attackers can directly exploit it without internal access.
🏢 Internal Only: HIGH - Even internally, any compromised user or device could exploit this to gain elevated privileges.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Path traversal vulnerabilities typically require minimal technical skill to exploit once details are known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Ver.9.4.7.4 or later

Vendor Advisory: https://www.motex.co.jp/news/notice/2026/release260225/

Restart Required: Yes

Instructions:

1. Download the latest version from the vendor portal.
2. Back up the current configuration and data.
3. Run the installer to upgrade.
4. Restart the Sub-Manager Server service.
5. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation (platform: all)

Isolate the Sub-Manager Server from untrusted networks and limit access to authorized IPs only.

File System Permissions (platform: windows)

Restrict the application's service account to minimal necessary file system permissions.

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the Sub-Manager Server
  • Deploy application control/whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check the installed version in the Lanscope Endpoint Manager console under System Information or About.

Check Version:

Check the application's About dialog or installed programs list in Windows.

Verify Fix Applied:

Confirm version is 9.4.7.4 or later and test file access functionality.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns from the Sub-Manager Server process
  • Multiple failed path traversal attempts in web/application logs

Network Indicators:

  • Unexpected outbound connections from the Sub-Manager Server
  • Traffic to known malicious IPs

SIEM Query:

source="lanscope_logs" AND event="file_access" AND (path="*..\\*" OR path="*../*")
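
The log indicator and SIEM query above match only literal `../` and `..\` sequences, so percent-encoded attempts pass unnoticed. The following is an added example, not vendor or Lanscope code: it decodes each path before matching and counts traversal attempts per source. The log layout, field names, addresses and sample lines are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote

# A ".." path segment bounded by "/" or "\" (or by the start/end of the string).
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")
# Assumed log layout (hypothetical, not Lanscope's real format).
LINE = re.compile(r"(?P<ts>\S+) src=(?P<src>\S+) event=(?P<event>\S+) path=(?P<path>.*)$")

def normalize(path, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded input is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def has_traversal(path):
    """True if the decoded path contains a parent-directory segment."""
    return bool(TRAVERSAL.search(normalize(path)))

def find_suspects(lines, threshold=2):
    """Return {source: hit count} for sources with >= threshold traversal paths."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if m and m["event"] == "file_access" and has_traversal(m["path"]):
            hits[m["src"]] += 1
    return {src: n for src, n in hits.items() if n >= threshold}

# Constructed sample lines for illustration only.
SAMPLE_LOG = [
    "2026-03-01T10:00:01Z src=10.0.5.23 event=file_access path=reports/daily.csv",
    r"2026-03-01T10:00:04Z src=10.0.5.77 event=file_access path=..\..\conf\server.ini",
    "2026-03-01T10:00:05Z src=10.0.5.77 event=file_access path=%2e%2e%2fconf%2fserver.ini",
    "2026-03-01T10:00:06Z src=10.0.5.77 event=file_access path=%252e%252e%255cconf",
    "2026-03-01T10:00:09Z src=10.0.5.23 event=file_access path=archive/v1..2/notes.txt",
    "2026-03-01T10:00:12Z src=10.0.5.40 event=file_access path=logs/../logs/a.txt",
]

if __name__ == "__main__":
    print(find_suspects(SAMPLE_LOG))
```

Matching on whole `..` segments keeps names such as `v1..2` from raising false positives; tune `threshold` to the alerting volume of the environment.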
