CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2025-61932

CVSS 9.3v4.0pub. 2025-10-20upd. 2025-10-23

Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Motex Lanscope Endpoint Manager

    APP
    Motex
    < 9.3.2.79.3.3.0 – 9.3.3.9 (bez)9.4.0.0 – 9.4.0.5 (bez)9.4.1.0 – 9.4.1.5 (bez)9.4.2.0 – 9.4.2.6 (bez)9.4.3.0 – 9.4.3.8 (bez)9.4.4.0 – 9.4.4.6 (bez)9.4.5.0 – 9.4.5.4 (bez)9.4.6.0 – 9.4.6.3 (bez)9.4.7.0 – 9.4.7.1

CISA KEV — detailsi

Vendori
Motex
Producti
LANSCOPE Endpoint Manager
Added to KEVi
October 22, 2025
Remediation deadline (US Federal)i
November 12, 2025(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Motex LANSCOPE Endpoint Manager contains an improper verification of source of a communication channel vulnerability allowing an attacker to execute arbitrary code by sending specially crafted packets.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 12 listopada 2025
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-25785CRITICAL9.3PL ✓ten sam produkt

Path Traversal w Motex Lanscope Endpoint Manager umożliwia RCE

CVE-2019-6026HIGH7.8ten sam vendor

Privilege escalation vulnerability in Multiple MOTEX products (LanScope Cat client program (MR) and LanScope C...