Lanscope Endpoint Manager Insecure Request Origin Validation RCE
CVE-2025-61932 Published on October 20, 2025
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.
Known Exploited Vulnerability
This Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerabi vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Motex LANSCOPE Endpoint Manager contains an improper verification of source of a communication channel vulnerability allowing an attacker to execute arbitrary code by sending specially crafted packets.
The following remediation steps are recommended / required by November 12, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Weakness Type
Improper Verification of Source of a Communication Channel
The software establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin. When an attacker can successfully establish a communication channel from an untrusted origin, the attacker may be able to gain privileges and access unexpected functionality.
Products Associated with CVE-2025-61932
Want to know whenever a new CVE is published for Motex Lanscope Endpoint Manager? stack.watch will email you.
Affected Versions
MOTEX Inc. Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) Version Ver.9.4.7.1 and earlier is affected by CVE-2025-61932Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.