Cyber Posture

CVE-2025-61932

N/A · CISA KEV · Active Exploitation

Published: 20 October 2025

Modified: 23 October 2025
KEV Added: 22 October 2025
Patch
CVSS Score: N/A
EPSS Score: 0.0196 (83.6th percentile)
Risk Priority: 21 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-61932 is an uncategorised-severity Improper Verification of Source of a Communication Channel (CWE-940) vulnerability in Motex Lanscope Endpoint Manager. Its CVSS base score is N/A.

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 16.4% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) · AI

prevent

Directly remediates the improper origin verification flaw in Lanscope Endpoint Manager's Client program (MR) and Detection agent (DA) by applying vendor patches to prevent arbitrary code execution from crafted packets.

prevent

Enforces boundary protection to monitor and control network traffic, blocking unauthorized or specially crafted packets from reaching vulnerable instances of the Client program (MR) and Detection agent (DA).

prevent

Requires validation of incoming network requests to verify origin, directly countering the CWE-940 vulnerability that allows arbitrary code execution via unverified packets.

MITRE ATT&CK Enterprise Techniques · AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Why these techniques?

The vulnerability allows remote arbitrary code execution via specially crafted network packets due to improper origin verification, directly enabling exploitation of a public-facing or network-accessible application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.

Deeper analysis · AI

CVE-2025-61932 is a vulnerability in Lanscope Endpoint Manager (On-Premises), affecting the Client program (MR) and Detection agent (DA). It arises from improper verification of the origin of incoming requests, classified under CWE-940. This flaw allows an attacker to execute arbitrary code by sending specially crafted packets to the affected components.

An attacker with the ability to send network packets to vulnerable instances of the Client program (MR) or Detection agent (DA) can exploit this issue. Successful exploitation results in arbitrary code execution on the targeted systems, potentially compromising endpoint management functions.

Advisories published by JVN (https://jvn.jp/en/jp/JVN86318557/) and Motex (https://www.motex.co.jp/news/notice/2025/release251020/) detail the vulnerability and mitigation steps. The CVE is also listed in CISA's Known Exploited Vulnerabilities Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61932), signaling real-world exploitation.

Details

CWE(s)
KEV Date Added: 22 October 2025

Affected Products

motex
lanscope endpoint manager
≤ 9.3.2.7 · 9.3.3.0 — 9.3.3.9 · 9.4.0.0 — 9.4.0.5

CVEs Like This One

CVE-2019-25613 · Shared CWE-940
CVE-2025-23222 · Shared CWE-940
CVE-2026-40434 · Shared CWE-940
CVE-2026-33875 · Shared CWE-940
CVE-2026-35643 · Shared CWE-940

References