The Cybersecurity & Infrastructure Safety Company (CISA) is warning that hackers are exploiting a essential vulnerability within the Motex Landscope Endpoint Supervisor.
The flaw is tracked as CVE-2025-61932 and has a essential severity rating of 9.3. It stems from improper verification of the origin of incoming requests, and might be exploited by an unauthenticated attacker to execute arbitrary code on the system by sending specifically crafted packets.
Developed by Japanese agency Motex, a subsidiary of Kyocera Communication Methods, Lanscope Endpoint Supervisor is an endpoint administration and safety software that gives unified management throughout desktop and cellular units.
The product is obtainable as an asset/endpoint administration choice by way of AWS (Amazon Internet Companies), and is especially well-liked in Japan and Asia.
A safety bulletin from the seller earlier this week highlights the pressing want to use the most recent updates, noting the elevated threat for exploitation.
“A vulnerability exists within the Endpoint Supervisor On-Premises shopper program (hereafter known as MR) and the Detection Agent (hereafter known as DA) that enables distant code execution,” Motex introduced (machine translated).
The corporate confirmed that some buyer environments had already acquired malicious packets, indicating that the vulnerability has been exploited as a zero-day.
“Moreover, there have already been confirmed instances in buyer environments the place unauthorized packets had been acquired from exterior sources,” Motex stated.
CVE-2025-61932 impacts Lanscope Endpoint Supervisor variations 9.4.7.2 and earlier, whereas fixes had been made out there within the following releases:
| 9.3.2.7 | 9.4.3.8 |
| 9.3.3.9 | 9.4.4.6 |
| 9.4.0.5 | 9.4.5.4 |
| 9.4.1.5 | 9.4.6.3 |
| 9.4.2.6 | 9.4.7.3 |
The seller underlines that the vulnerability impacts the shopper facet, and clients don’t must improve the supervisor.
There aren’t any workarounds or mitigations for CVE-2025-61932, and putting in the replace is the answer to deal with the safety drawback.
Motex has not shared any particulars concerning the noticed malicious exercise. Japan’s CERT Coordination Heart additionally warned that it acquired details about risk actors exploiting CVE-2025-61932 in assaults on home organizations.
BleepingComputer contacted the seller to ask for extra data, and we are going to replace this publish once we hear again.
CISA added CVE-2025-61932 to its Identified Exploited Vulnerabilities (KEV) catalog yesterday, setting November 12 because the necessary patch deadline for all federal companies and authorities organizations topic to the BOD 22-01 directive.
Whereas the directive is simply obligatory for particular entities, the KEV catalog ought to function steering for personal organizations.
Though not but linked to the CVE-2025-61932
Exploitation exercise in Japan seems to have elevated recently, as some high-profile firms within the nation disclosed breaches just lately, similar to the Qilin ransomware assault on Asahi brewery, and the breach at Askul e-commerce retailer that impacted on-line gross sales at retail big Muji.
46% of environments had passwords cracked, practically doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and information exfiltration tendencies.
