JVN#79096585
Lanscope Endpoint Manager (On-Premises) vulnerable to path traversal
Overview
Lanscope Endpoint Manager (On-Premises) provided by MOTEX Inc. contains a path traversal vulnerability.
Products Affected
- Lanscope Endpoint Manager (On-Premises) Sub-Manager Server Ver.9.4.7.3 and earlier
Description
Lanscope Endpoint Manager (On-Premises) provided by MOTEX Inc. contains the following vulnerability.
- Path traversal (CWE-22)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8
- CVE-2026-25785
Impact
An attacker may be able to tamper with arbitrary files on a Windows system where the affected product is installed, potentially allowing arbitrary code execution on the system.
Solution
Update the software
Update the software to the latest version according to the information provided by the developer.
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
The following people reported this vulnerability to MOTEX Inc. and coordinated with the vendor. After the coordination was completed, MOTEX Inc. reported the case to IPA in order to notify users of the solution through JVN.
Reporter: Kazuki Furukawa, Yuma Taki, Kota Takeda, Ippei Kakurai, Masaaki Chida, Denis Faiustov of GMO Cybersecurity by Ierae, Inc.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2026-25785 |
| JVN iPedia |
JVNDB-2026-000026 |