- CISA adds critical Motex Lanscope flaw to its Known Exploited Vulnerabilities catalog
- The CVE-2025-61932 bug enables remote code execution and was exploited as a zero-day
- Agencies must patch within three weeks; private firms are strongly urged to follow suit
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical severity Motex Landscope Endpoint Manager flaw to its Known Exploited Vulnerabilities (KEV) catalog, signaling abuse in the wild, and urging government agencies to apply the patch immediately.
Recently, Motex said it fixed an improper verification of the origin of incoming requests vulnerability, which could be abused to achieve arbitrary code execution. It is tracked as CVE-2025-61932, and was given a severity score of 9.3/10 (critical).
“A vulnerability exists in the Endpoint Manager On-Premises client program (hereafter referred to as MR) and the Detection Agent (hereafter referred to as DA) that allows remote code execution,” the company said in a security advisory.
Zero-day
At the time the patch was released, the vulnerability was already being exploited as a zero-day, Motex confirmed. Versions 9.4.7.2 and earlier were said to be vulnerable, and the company confirmed there were no workarounds available.
On October 22, CISA added the flaw to KEV, giving Federal Civilian Executive Branch (FCEB) agencies a three-week deadline to patch up or stop using the program altogether. While CISA’s directive is only mandatory for FCEB agencies, organizations in the private sector would do well to follow suit and patch up, since cybercriminals rarely make the distinction between the two.
Lanscope Endpoint Manager is an endpoint management and security solution developed by Motex, a subsidiary of Kyocera Communication Systems.
It is a centralized solution with features such as asset management, operation log acquisition, and different security measures, and is offered as an asset/endpoint management option through Amazon Web Services (AWS), and is quite popular in Japan and Asia.
While Motex confirmed abuse in the wild, it did not name any victims, or attackers.
However BleepingComputer speculates the recent attacks on Asahi brewery and the Askul ecommerce retailer may have been done through the Motex flaw. In that case, one of the ransomware groups abusing the bug is Qilin.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
