The Lanscope Endpoint Manager flaw has sparked serious cybersecurity concerns as attackers exploit it in the wild. The vulnerability, tracked as CVE-2025-61932, enables unauthenticated remote code execution on affected systems. The Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities catalog and urged organizations to apply patches without delay.


Details of the Vulnerability

Motex, now part of Kyocera, develops Lanscope Endpoint Manager, a tool businesses use to monitor employee devices and network activity.

The flaw stems from how the software verifies the origin of web requests. Attackers can send crafted requests that allow them to run arbitrary code remotely without authentication. With a severity score of 9.3 out of 10, this vulnerability poses a serious threat to enterprises running unpatched or internet-exposed instances.


Exploitation in the Wild

Security researchers have confirmed that attackers already use the Lanscope Endpoint Manager flaw in real-world attacks. Most incidents appear in Japan, where many organizations rely on the software. Attackers exploit this flaw to gain full control over vulnerable systems and deploy additional malware.

Because the exploit requires no authentication, unpatched servers face immediate risk. The fast pace of weaponization forced CISA to respond quickly to protect federal networks.


CISA’s Response and Patch Deadline

CISA added CVE-2025-61932 to its Known Exploited Vulnerabilities catalog and required all federal agencies to apply the official patch by November 12, 2025. The agency also advised private companies to install the fix and restrict internet exposure until updates are complete.

Motex released a patched version of Lanscope Endpoint Manager that eliminates the vulnerability. Since no workarounds exist, applying the update remains the only effective protection.


Strengthening Enterprise Security

Organizations should act quickly to patch Lanscope Endpoint Manager and review their endpoint protection strategy. Security teams must limit access to management consoles, perform regular vulnerability scans, and monitor for unusual network activity.

This incident highlights how endpoint management tools can become targets for attackers when administrators delay critical updates.


Conclusion

The Lanscope Endpoint Manager flaw allows unauthenticated remote code execution and has already been exploited in active attacks. CISA and Motex urge organizations to update immediately to prevent further compromise. Staying current with patches and maintaining strong network controls remain the most effective defenses against modern exploitation campaigns.

