Oct 23, 2025Ravie LakshmananVulnerability / Risk Intelligence
The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Wednesday added a crucial safety flaw impacting Motex Lanscope Endpoint Supervisor to its Recognized Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited within the wild.
The vulnerability, CVE-2025-61932 (CVSS v4 rating: 9.3), impacts on-premises variations of Lanscope Endpoint Supervisor, particularly Consumer program and Detection Agent, and will enable attackers to execute arbitrary code on vulnerable programs.
“Motex LANSCOPE Endpoint Supervisor accommodates an improper verification of supply of a communication channel vulnerability, permitting an attacker to execute arbitrary code by sending specifically crafted packets,” CISA mentioned.
The flaw impacts variations 9.4.7.1 and earlier. It has been addressed within the variations beneath –
9.3.2.7
9.3.3.9
9.4.0.5
9.4.1.5
9.4.2.6
9.4.3.8
9.4.4.6
9.4.5.4
9.4.6.3, and
9.4.7.3
It is at present not identified how the vulnerability is being exploited in real-world assaults, who’s behind them, or the size of such efforts. Nevertheless, an alert issued by the Japan Vulnerability Notes (JVN) portal earlier this week famous that Motex has confirmed an unnamed buyer “obtained a malicious packet suspected to focus on this vulnerability.”
In mild of energetic exploitation efforts, Federal Civilian Govt Department (FCEB) companies are advisable to remediate CVE-2025-61932 by November 12, 2025, to safeguard their networks.
