- CISA provides crucial Motex Lanscope flaw to its Known Exploited Vulnerabilities catalog
- The CVE-2025-61932 bug permits distant code execution and was exploited as a zero-day
- Agencies should patch inside three weeks; non-public corporations are strongly urged to comply with swimsuit
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a crucial severity Motex Landscope Endpoint Manager flaw to its Known Exploited Vulnerabilities (KEV) catalog, signaling abuse within the wild, and urging authorities companies to use the patch instantly.
Recently, Motex mentioned it mounted an improper verification of the origin of incoming requests vulnerability, which may very well be abused to attain arbitrary code execution. It is tracked as CVE-2025-61932, and was given a severity rating of 9.3/10 (crucial).
“A vulnerability exists in the Endpoint Manager On-Premises client program (hereafter referred to as MR) and the Detection Agent (hereafter referred to as DA) that allows remote code execution,” the corporate mentioned in a safety advisory.
Zero-day
At the time the patch was launched, the vulnerability was already being exploited as a zero-day, Motex confirmed. Versions 9.4.7.2 and earlier have been mentioned to be susceptible, and the corporate confirmed there have been no workarounds out there.
On October 22, CISA added the flaw to KEV, giving Federal Civilian Executive Branch (FCEB) companies a three-week deadline to patch up or cease utilizing this system altogether. While CISA’s directive is just necessary for FCEB companies, organizations within the non-public sector would do nicely to comply with swimsuit and patch up, since cybercriminals hardly ever make the excellence between the 2.
Lanscope Endpoint Manager is an endpoint administration and safety answer developed by Motex, a subsidiary of Kyocera Communication Systems.
It is a centralized answer with options similar to asset administration, operation log acquisition, and completely different safety measures, and is obtainable as an asset/endpoint administration possibility via Amazon Web Services (AWS), and is sort of common in Japan and Asia.
While Motex confirmed abuse within the wild, it didn’t identify any victims, or attackers.
However BleepingComputer speculates the current assaults on Asahi brewery and the Askul ecommerce retailer could have been achieved via the Motex flaw. In that case, one of many ransomware teams abusing the bug is Qilin.
