The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw affecting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog, saying the vulnerability has been actively exploited in the wild.
The flaw, identified as CVE-2025-61932 and rated CVSS v4 9.3, affects on-premises versions of Lanscope Endpoint Manager, specifically the Client program and Detection Agent, and could allow attackers to execute arbitrary code on affected systems. CISA described the issue as an improper verification of the source of a communication channel that can be triggered by specially crafted packets.
Motex said the flaw affects versions 9.4.7.1 and earlier and has been fixed in subsequent releases. According to the advisory on the company's site, patched versions include 9.3.2.7, 9.3.3.9, 9.4.0.5, 9.4.1.5, 9.4.2.6, 9.4.3.8, 9.4.4.6, 9.4.5.4, 9.4.6.3 and 9.4.7.3.
Details about how the vulnerability is being exploited, who is conducting the attacks and the scale of the activity remain unknown. The Japan Vulnerability Notes portal noted that Motex confirmed an unnamed customer had received a malicious packet suspected of targeting this vulnerability.
Federal Civilian Executive Branch agencies have been advised to remediate CVE-2025-61932 by November 12, 2025.
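For defenders checking their own fleet, the following added example (not code from Motex or CISA) triages installed Client or Detection Agent versions against the version numbers quoted above. It assumes the first three version components identify a release line and that each listed patched version is the first fixed build on its line; the inventory is constructed.

```python
# Added example: version triage for CVE-2025-61932 (not vendor code).
FIXED = ["9.3.2.7", "9.3.3.9", "9.4.0.5", "9.4.1.5", "9.4.2.6",
         "9.4.3.8", "9.4.4.6", "9.4.5.4", "9.4.6.3", "9.4.7.3"]  # from the article
LAST_AFFECTED = (9, 4, 7, 1)  # "9.4.7.1 and earlier"


def parse(version):
    """Turn 'a.b.c.d' into a tuple of four ints; raise ValueError otherwise."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {version!r}")
    return tuple(int(p) for p in parts)


def fmt(v):
    return ".".join(str(n) for n in v)


# Assumption: the first three components name a release line, and each listed
# fix is the first patched build on its line. This is what lets 9.3.2.7 count
# as patched even though it sorts below 9.4.7.1.
FIX_BY_LINE = {parse(v)[:3]: parse(v) for v in FIXED}


def triage(version):
    """Return (status, detail) for one installed version string."""
    try:
        v = parse(version)
    except ValueError as exc:
        return "unparsed", str(exc)
    fix = FIX_BY_LINE.get(v[:3])
    if fix and v >= fix:
        return "patched", f"at or above {fmt(fix)}"
    if v <= LAST_AFFECTED:
        if fix:
            return "vulnerable", f"upgrade to {fmt(fix)} or later"
        return "vulnerable", "no fix listed for this release line; move to a patched line"
    # Newer than 9.4.7.1 but not at a listed fix: the article does not say.
    return "review", "not covered by the quoted version lists; check the vendor advisory"


# Constructed inventory (hostnames and versions are made up for the example).
INVENTORY = {"pc-001": "9.4.7.1", "pc-002": "9.3.2.7", "pc-003": "9.4.7.2",
             "pc-004": "9.2.0.1", "pc-005": "9.4.5", "pc-006": "9.4.6.10"}


def triage_inventory(inventory):
    """Map each host to its triage status."""
    return {host: triage(ver)[0] for host, ver in inventory.items()}
```

Versions are compared as integer tuples, so a build such as 9.4.6.10 is correctly ranked above 9.4.6.3, which a plain string comparison would get wrong.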

