Particle.news

CISA Adds Motex Lanscope RCE Flaw to KEV, Citing Active Exploitation

Attackers can execute code by sending crafted packets to vulnerable on‑prem clients over TCP 443.

Overview

  • CVE-2025-61932 carries a CVSS v4 score of 9.3 and now appears in CISA’s Known Exploited Vulnerabilities catalog, triggering a November 12, 2025 remediation deadline for U.S. federal civilian agencies.
  • The issue affects Lanscope Endpoint Manager’s on‑prem Client program and Detection Agent up to version 9.4.7.1, with fixes provided in builds such as 9.3.2.7, 9.3.3.9, and 9.4.0.5 through 9.4.7.3.
  • JPCERT/CC reports the flaw has been exploited as a zero‑day since April 2025 against Japan‑based customers and has shared source and command‑and‑control IP addresses tied to the activity.
  • Motex says the SaaS/cloud offering and the management server software are not affected, but organizations should update all managed endpoints running the client or detection agent components.
  • Beyond the packet delivery, investigators have not confirmed the attack methods, the responsible actors, or the breadth of impact, though JVN noted that at least one customer received a malicious packet.