JVN#86318557
Lanscope Endpoint Manager (On-Premises) vulnerable to improper verification of source of a communication channel
Critical
Overview
Lanscope Endpoint Manager (On-Premises) provided by MOTEX Inc. contains a vulnreability that leads to arbitrary code execution due to improper verification of source of a communication channel (CWE-940).
Products Affected
- Lanscope Endpoint Manager (On-Premises) Ver.9.4.7.1 and earlier
- Client program (MR)
- Detection agent (DA)
Description
Lanscope Endpoint Manager (On-Premises) provided by MOTEX Inc. contains the following vulnerability.
- Improper verification of source of a communication channel (CWE-940)
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 9.3
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score 9.8
- CVE-2025-61932
Impact
A specially crafted packet sent by an attacker could cause arbitrary code execution in the affected products.
Solution
Update the Products
Update the products to the latest version.
Apply the Workaround
The developer recommends that users apply the workaround until the products are updated.
For more details, refer to the information provided by the developer.
Vendor Status
References
-
JPCERT/CC CyberNewsFlash 2025-10-20
Regarding a vulnerability (CVE-2025-61932) in Lanscope Endpoint Manager (On-Premises) to improper verification of source of a communication channel (Text in Japanese)
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
MOTEX Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and MOTEX Inc. coordinated under the Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
|
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2025-61932 |
| JVN iPedia |
JVNDB-2025-000088 |
Update History
- 2025/10/20
- Information under the section [References] was updated