CVE-2025-61932

Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://jvn.jp/en/jp/JVN86318557/	Third Party Advisory
https://www.motex.co.jp/news/notice/2025/release251020/	Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61932	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:motex:lanscope_endpoint_manager:::::on-premise:::*
	cpe:2.3:a:motex:lanscope_endpoint_manager:::::on-premise:::*
	cpe:2.3:a:motex:lanscope_endpoint_manager:::::on-premise:::*
	cpe:2.3:a:motex:lanscope_endpoint_manager:::::on-premise:::*
	cpe:2.3:a:motex:lanscope_endpoint_manager:::::on-premise:::*
	cpe:2.3:a:motex:lanscope_endpoint_manager:::::on-premise:::*
	cpe:2.3:a:motex:lanscope_endpoint_manager:::::on-premise:::*
	cpe:2.3:a:motex:lanscope_endpoint_manager:::::on-premise:::*
	cpe:2.3:a:motex:lanscope_endpoint_manager:::::on-premise:::*
	cpe:2.3:a:motex:lanscope_endpoint_manager:::::on-premise:::*

History

No history.

Information

Published : 2025-10-20 08:15

Updated : 2025-10-23 13:00

NVD link : CVE-2025-61932

Mitre link : CVE-2025-61932

CVE.ORG link : CVE-2025-61932

JSON object : View

Products Affected

motex

lanscope_endpoint_manager

CWE

CWE-940

Improper Verification of Source of a Communication Channel

{"id": "CVE-2025-61932", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-10-20T08:15:33.303", "references": [{"url": "https://jvn.jp/en/jp/JVN86318557/", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.motex.co.jp/news/notice/2025/release251020/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61932", "tags": ["Third Party Advisory", "US Government Resource"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-940"}]}], "descriptions": [{"lang": "en", "value": "Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets."}], "lastModified": "2025-10-23T13:00:14.270", "cisaActionDue": "2025-11-12", "cisaExploitAdd": "2025-10-22", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:motex:lanscope_endpoint_manager:*:*:*:*:on-premise:*:*:*", "vulnerable": true, "matchCriteriaId": "F9AF3F85-064B-469C-B530-7264EF91A04F", "versionEndExcluding": "9.3.2.7"}, {"criteria": "cpe:2.3:a:motex:lanscope_endpoint_manager:*:*:*:*:on-premise:*:*:*", "vulnerable": true, "matchCriteriaId": "99DC2ADE-F5D6-45F9-B529-11C492FCDD31", "versionEndExcluding": "9.3.3.9", "versionStartIncluding": "9.3.3.0"}, {"criteria": "cpe:2.3:a:motex:lanscope_endpoint_manager:*:*:*:*:on-premise:*:*:*", "vulnerable": true, "matchCriteriaId": "431F6B9C-8A9C-45FD-B287-E9E1D2B3ECEE", "versionEndExcluding": "9.4.0.5", "versionStartIncluding": "9.4.0.0"}, {"criteria": "cpe:2.3:a:motex:lanscope_endpoint_manager:*:*:*:*:on-premise:*:*:*", "vulnerable": true, "matchCriteriaId": "B2398AA5-1CFD-41BA-8229-84DAC45D9382", "versionEndExcluding": "9.4.1.5", "versionStartIncluding": "9.4.1.0"}, {"criteria": "cpe:2.3:a:motex:lanscope_endpoint_manager:*:*:*:*:on-premise:*:*:*", "vulnerable": true, "matchCriteriaId": "0429C621-5DDE-4773-99D3-A20DC0C4798F", "versionEndExcluding": "9.4.2.6", "versionStartIncluding": "9.4.2.0"}, {"criteria": "cpe:2.3:a:motex:lanscope_endpoint_manager:*:*:*:*:on-premise:*:*:*", "vulnerable": true, "matchCriteriaId": "034F13F1-D926-4298-BCC9-DF424591CBF1", "versionEndExcluding": "9.4.3.8", "versionStartIncluding": "9.4.3.0"}, {"criteria": "cpe:2.3:a:motex:lanscope_endpoint_manager:*:*:*:*:on-premise:*:*:*", "vulnerable": true, "matchCriteriaId": "66C87047-9DE9-4CE8-80A9-AEBEB58B8402", "versionEndExcluding": "9.4.4.6", "versionStartIncluding": "9.4.4.0"}, {"criteria": "cpe:2.3:a:motex:lanscope_endpoint_manager:*:*:*:*:on-premise:*:*:*", "vulnerable": true, "matchCriteriaId": "8FF0B7EE-805A-431D-96E5-BF5BDDD3178E", "versionEndExcluding": "9.4.5.4", "versionStartIncluding": "9.4.5.0"}, {"criteria": "cpe:2.3:a:motex:lanscope_endpoint_manager:*:*:*:*:on-premise:*:*:*", "vulnerable": true, "matchCriteriaId": "21520838-C0C4-4F66-B5C6-1B6231225FF1", "versionEndExcluding": "9.4.6.3", "versionStartIncluding": "9.4.6.0"}, {"criteria": "cpe:2.3:a:motex:lanscope_endpoint_manager:*:*:*:*:on-premise:*:*:*", "vulnerable": true, "matchCriteriaId": "C669A3EF-3A71-46C0-B1FB-455CBB78B887", "versionEndIncluding": "9.4.7.1", "versionStartIncluding": "9.4.7.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]", "cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability"}