Home

Description

Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.

PUBLISHED Reserved 2025-10-06 | Published 2025-10-20 | Updated 2025-10-22 | Assigner jpcert




CRITICAL: 9.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA Known Exploited Vulnerability

Date added 2025-10-22 | Due date 2025-11-12

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Problem types

Improper Verification of Source of a Communication Channel

Product status

Ver.9.4.7.1 and earlier
affected

References

www.motex.co.jp/news/notice/2025/release251020/

jvn.jp/en/jp/JVN86318557/

cve.org (CVE-2025-61932)

nvd.nist.gov (CVE-2025-61932)

Download JSON