Full Report
The Cybersecurity & Infrastructure Security Agency (CISA) is warning that hackers are exploiting a critical vulnerability in the Motex Lanscope Endpoint Manager. [...]
Analysis Summary
# Vulnerability: Critical RCE in Lanscope Endpoint Manager via Improper Request Origin Verification
## CVE Details
- CVE ID: CVE-2025-61932
- CVSS Score: 9.3 (Critical)
- CWE: Improper Verification of Request Origin
## Affected Systems
- Products: Motex Lanscope Endpoint Manager (On-Premises client program - MR, and Detection Agent - DA)
- Versions: Version 9.4.7.2 and earlier
- Configurations: Affects client-side installations of the product.
## Vulnerability Description
The vulnerability stems from improper verification of the origin of incoming requests within the Lanscope Endpoint Manager components (MR client and DA agent). This flaw allows an unauthenticated remote attacker to potentially execute arbitrary code on the affected system by sending specially crafted network packets to the endpoint. This has been observed being exploited in the wild.
## Exploitation
- Status: Exploited in the wild (Reported zero-day exploitation by Motex and CISA KEV inclusion)
- Complexity: Low (Implied by ability of unauthenticated attacker to send crafted packets)
- Attack Vector: Network
## Impact
- Confidentiality: High (Potential for full system compromise)
- Integrity: High (Potential for full system compromise)
- Availability: High (Potential for system disruption or takeover)
## Remediation
### Patches
The following patch versions resolve the vulnerability:
- 9.3.2.7
- 9.3.3.9
- 9.4.0.5
- 9.4.1.5
- 9.4.2.6
- 9.4.3.8
- 9.4.4.6
- 9.4.5.4
- 9.4.6.3
- 9.4.7.3
*Note: The vendor emphasized that upgrading the Endpoint Manager server component is **not** necessary; only the client program installations need updating.*
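Because the fix applies to client installations rather than the server, remediation is an inventory problem. The following added example (not a vendor or CISA tool) triages an exported client inventory against the patch list above. It assumes each fixed build covers the branch sharing its first three version components; the CSV column names and hosts are constructed for illustration.

```python
import csv
import io
# Fixed client builds, copied from the advisory's patch list.
FIXED_BUILDS = ["9.3.2.7", "9.3.3.9", "9.4.0.5", "9.4.1.5", "9.4.2.6",
                "9.4.3.8", "9.4.4.6", "9.4.5.4", "9.4.6.3", "9.4.7.3"]
LAST_AFFECTED = (9, 4, 7, 2)  # advisory: "Version 9.4.7.2 and earlier"

def parse(version):
    """Turn 'a.b.c.d' into an int tuple so 9.3.2.10 sorts above 9.3.2.7."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected four components: {version!r}")
    return parts

# ASSUMPTION: a fixed build covers the branch sharing its first three components.
FIXED_BY_BRANCH = {parse(v)[:3]: parse(v) for v in FIXED_BUILDS}

def classify(version):
    try:
        v = parse(version)
    except ValueError:
        return "UNKNOWN"            # unreadable version: verify by hand
    if v > LAST_AFFECTED:
        return "PATCHED"            # newer than the affected range
    fixed = FIXED_BY_BRANCH.get(v[:3])
    if fixed is None:
        return "NO_LISTED_FIX"      # affected, branch has no patch build listed
    return "PATCHED" if v >= fixed else "VULNERABLE"

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,component,version
ws-001,MR,9.4.7.2
ws-002,MR,9.4.7.3
ws-003,DA,9.3.2.6
ws-004,DA,9.3.2.10
srv-010,MR,9.2.1.0
ws-005,DA,unknown
"""

def triage(csv_text):
    return [(r["host"], r["component"], r["version"], classify(r["version"]))
            for r in csv.DictReader(io.StringIO(csv_text))]

def needs_action(csv_text):
    return [row for row in triage(csv_text) if row[3] != "PATCHED"]

if __name__ == "__main__":
    for host, comp, ver, status in needs_action(SAMPLE_INVENTORY):
        print(f"{host:8} {comp:3} {ver:10} {status}")
```

Clients reported as `NO_LISTED_FIX` or `UNKNOWN` need manual follow-up, since the patch list gives no build for them.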
### Workarounds
- No workarounds or mitigations have been identified or published by the vendor at this time. Applying the mentioned patches is the confirmed solution.
## Detection
- **Indicators of Compromise:** Unauthorized reception of malicious, specially crafted packets targeting the Lanscope Endpoint Manager components.
- **Detection methods and tools:** Given active exploitation, proactive network monitoring for unusual incoming traffic targeting the MR/DA services is recommended, though specific signatures were not detailed in the provided text.
## References
- Vendor Advisory (Machine Translated): hxxps://www.motex.co.jp/news/notice/2025/release251020/
- CISA KEV Catalog Entry: hxxp://www.cisa.gov/news-events/alerts/2025/10/22/cisa-adds-one-known-exploited-vulnerability-catalog
- JPCERT Warning: hxxps://www.jpcert.or.jp/newsflash/2025102001.html