Home

Description

Path traversal vulnerability exists in Lanscope Endpoint Manager (On-Premises) Sub-Manager Server Ver.9.4.7.3 and earlier, which may allow an attacker to tamper with arbitrary files and execute arbitrary code on the affected system.

PUBLISHED Reserved 2026-02-16 | Published 2026-02-25 | Updated 2026-02-25 | Assigner jpcert




CRITICAL: 9.8CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

Improper limitation of a pathname to a restricted directory ('Path Traversal')

Product status

Ver.9.4.7.3 and earlier
affected

References

www.motex.co.jp/news/notice/2026/release260225/

jvn.jp/en/jp/JVN79096585/

cve.org (CVE-2026-25785)

nvd.nist.gov (CVE-2026-25785)

Download JSON