The US Cybersecurity and Infrastructure Security Agency (CISA) has warned of threat actors actively exploiting a vulnerability in LANSCOPE Endpoint Manager, an endpoint management and security product developed by Japanese firm Motex.
Tracked as CVE-2025-61932, the vulnerability affects the client program (MR) and Detection Agent (DA) of LANSCOPE Endpoint Manager On-Premises Edition, versions 9.4.7.1 and earlier. The flaw causes the software to improperly verify the source of incoming communication requests, enabling attackers to send specially crafted packets and remotely execute arbitrary code.
Remote Code Execution (RCE) vulnerabilities are a popular attack vector amongst threat actors because, unlike other flaws that may only grant limited access, they give attackers almost unlimited control over the compromised system. As such, the LANSCOPE Endpoint Manager flaw has been assigned a CVSS score of 9.3 and classified as critical.
With Motex having confirmed that the flaw has been exploited as a zero-day, CISA has added the vulnerability to its KEV Catalog and is urging all organizations using affected versions of the endpoint management software to upgrade to a patched version immediately.
It is currently unknown which companies have fallen victim to an attack utilizing this vulnerability and which threat actors have been using it, though its active exploitation has been further confirmed by Japan’s JPCERT Coordination Center.
However, Bleeping Computer comments that the flaw may have been utilized in recent attacks on Asahi and Askul. If that speculation is correct, this would mean that the Qilin ransomware group is one of the threat actors exploiting the vulnerability.
Urgent Mitigation Required
Motex has released a patch for the vulnerability, which is available via the LANSCOPE portal on its customer support site. The company says that customers must update all client PCs, but that there is no need to upgrade the manager.
In line with BOD 22-01, federal agencies must remediate the vulnerability by November 12th. However, CISA strongly recommends that all organizations using the LANSCOPE Endpoint Manager On-Premises Edition apply necessary updates as soon as possible to reduce their exposure to cyberattacks.