CVE-2025-61932

CVSS 9.3 CRITICALEPSS 2.7%● KEVCWE-940

In short

Lanscope Endpoint Manager allows attackers to run malicious code on computers by sending specially crafted packets because the software doesn't properly check where requests come from.

Technical detail

CWE-940 vulnerability in Lanscope Endpoint Manager's Client program and Detection agent fails to validate request origin, enabling arbitrary code execution via crafted packet injection. No authentication or user interaction required; local network access or ability to reach the service constitutes the attack vector.

Summary generated and translated by AI from the official description.

Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

MOTEX Inc. · Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA))

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://jvn.jp/en/jp/JVN86318557/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61932 https://www.motex.co.jp/news/notice/2025/release251020/