CVE-2025-61932
BaseFortify
Publication date: 2025-10-20
Last updated on: 2025-10-23
Assigner: JPCERT/CC
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| motex | lanscope_endpoint_manager | to 9.3.2.7 (exc) |
| motex | lanscope_endpoint_manager | From 9.3.3.0 (inc) to 9.3.3.9 (exc) |
| motex | lanscope_endpoint_manager | From 9.4.0.0 (inc) to 9.4.0.5 (exc) |
| motex | lanscope_endpoint_manager | From 9.4.1.0 (inc) to 9.4.1.5 (exc) |
| motex | lanscope_endpoint_manager | From 9.4.2.0 (inc) to 9.4.2.6 (exc) |
| motex | lanscope_endpoint_manager | From 9.4.3.0 (inc) to 9.4.3.8 (exc) |
| motex | lanscope_endpoint_manager | From 9.4.4.0 (inc) to 9.4.4.6 (exc) |
| motex | lanscope_endpoint_manager | From 9.4.5.0 (inc) to 9.4.5.4 (exc) |
| motex | lanscope_endpoint_manager | From 9.4.6.0 (inc) to 9.4.6.3 (exc) |
| motex | lanscope_endpoint_manager | From 9.4.7.0 (inc) to 9.4.7.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-940 | The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-61932 is a vulnerability in the on-premises version of Lanscope Endpoint Manager by MOTEX. It occurs because the software improperly verifies the origin of incoming requests, allowing an attacker to send specially crafted packets that can execute arbitrary code remotely on affected systems. This means an attacker can take control of the system without authorization by exploiting this flaw. [1, 2]
How can this vulnerability impact me? :
This vulnerability can have a severe impact by allowing remote attackers to execute arbitrary code on your systems running Lanscope Endpoint Manager (On-Premises). This can compromise system integrity, lead to unauthorized access, data breaches, disruption of services, and potentially allow attackers to control or damage your endpoint environment. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users should update Lanscope Endpoint Manager (On-Premises) to the latest product versions provided by MOTEX. Until updates are applied, it is recommended to apply the workaround detailed in the official communications from MOTEX. These steps help prevent exploitation of the vulnerability by blocking or addressing the improper verification of incoming requests. [2]