Pierluigi Paganini October 23, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Motex LANSCOPE flaw to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Motex LANSCOPE flaw, tracked as CVE-2025-61932 (CVSS v4 score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog.

The flaw is an improper verification of source of a communication channel vulnerability that allows an attacker to execute arbitrary code by sending specially crafted packets.

A flaw in the on-premises client and detection agent of Lanscope Endpoint Manager allows remote code execution via specially crafted packets due to improper request origin validation.

“Motex LANSCOPE Endpoint Manager contains an improper verification of source of a communication channel vulnerability allowing an attacker to execute arbitrary code by sending specially crafted packets.” reads the advisory.

The vulnerability impacts versions 9.4.7.1 and earlier. The following versions address the flaw:

• 9.3.2.7
• 9.3.3.9
• 9.4.0.5
• 9.4.1.5
• 9.4.2.6
• 9.4.3.8
• 9.4.4.6
• 9.4.5.4
• 9.4.6.3, and
• 9.4.7.3

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerabilities by November 12, 2025.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)