Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XMotex Lanscope Endpoint Manager
APPMotex< 9.3.2.79.3.3.0 – 9.3.3.9 (bez)9.4.0.0 – 9.4.0.5 (bez)9.4.1.0 – 9.4.1.5 (bez)9.4.2.0 – 9.4.2.6 (bez)9.4.3.0 – 9.4.3.8 (bez)9.4.4.0 – 9.4.4.6 (bez)9.4.5.0 – 9.4.5.4 (bez)9.4.6.0 – 9.4.6.3 (bez)9.4.7.0 – 9.4.7.1
CISA KEV — detailsi
- Vendori
- Motex
- Producti
- LANSCOPE Endpoint Manager
- Added to KEVi
- October 22, 2025
- Remediation deadline (US Federal)i
- November 12, 2025(overdue)
Required action (CISA)i
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
CISA descriptioni
Motex LANSCOPE Endpoint Manager contains an improper verification of source of a communication channel vulnerability allowing an attacker to execute arbitrary code by sending specially crafted packets.
🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
⏰CISA DEADLINE: 12 listopada 2025
Tags
RCE
CWE