The Cybersecurity & Infrastructure Safety Company (CISA) is warning that hackers are exploiting a essential vulnerability within the Motex Landscope Endpoint Supervisor.
The flaw is tracked as CVE-2025-61932 and has a essential severity rating of 9.3. It stems from improper verification of the origin of incoming requests, and might be exploited by an unauthenticated attacker to execute arbitrary code on the system by sending specifically crafted packets.
Developed by Japanese agency Motex, a subsidiary of Kyocera Communication Techniques, Lanscope Endpoint Supervisor is an endpoint administration and security instrument that gives unified management throughout desktop and cell gadgets.
The product is obtainable as an asset/endpoint administration possibility via AWS (Amazon Internet Providers), and is especially common in Japan and Asia.
A security bulletin from the seller earlier this week highlights the pressing want to use the most recent updates, noting the elevated threat for exploitation.
“A vulnerability exists within the Endpoint Supervisor On-Premises consumer program (hereafter known as MR) and the Detection Agent (hereafter known as DA) that enables distant code execution,” Motex introduced (machine translated).
The corporate confirmed that some buyer environments had already acquired malicious packets, indicating that the vulnerability has been exploited as a zero-day.
“Moreover, there have already been confirmed circumstances in buyer environments the place unauthorized packets have been acquired from exterior sources,” Motex mentioned.
CVE-2025-61932 impacts Lanscope Endpoint Supervisor variations 9.4.7.2 and earlier, whereas fixes have been made obtainable within the following releases:
| 9.3.2.7 | 9.4.3.8 |
| 9.3.3.9 | 9.4.4.6 |
| 9.4.0.5 | 9.4.5.4 |
| 9.4.1.5 | 9.4.6.3 |
| 9.4.2.6 | 9.4.7.3 |
The seller underlines that the vulnerability impacts the consumer aspect, and prospects don’t have to improve the supervisor.
There aren’t any workarounds or mitigations for CVE-2025-61932, and putting in the replace is the answer to deal with the security downside.
Motex has not shared any particulars concerning the noticed malicious exercise. Japan’s CERT Coordination Middle additionally warned that it acquired details about menace actors exploiting CVE-2025-61932 in assaults on home organizations.
BleepingComputer contacted the seller to ask for extra data, and we’ll replace this put up once we hear again.
CISA added CVE-2025-61932 to its Recognized Exploited Vulnerabilities (KEV) catalog yesterday, setting November 12 because the obligatory patch deadline for all federal businesses and authorities organizations topic to the BOD 22-01 directive.
Whereas the directive is simply obligatory for particular entities, the KEV catalog ought to function steering for personal organizations.
Though not but linked to the CVE-2025-61932
Exploitation exercise in Japan seems to have elevated recently, as some high-profile corporations within the nation disclosed breaches not too long ago, comparable to the Qilin ransomware assault on Asahi brewery, and the breach at Askul e-commerce retailer that impacted on-line gross sales at retail big Muji.
46% of environments had passwords cracked, practically doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete have a look at extra findings on prevention, detection, and knowledge exfiltration tendencies.
