- CISA adds critical Motex Lanscope flaws to its catalog of known exploited vulnerabilities
- The CVE-2025-61932 flaw allows remote code execution and was exploited as a zero-day
- Agencies must patch within three weeks; private companies are strongly encouraged to follow suit
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Motex Landscope Endpoint Manager flaw to its KEV (Known Exploited Vulnerabilities) catalog, signaling abuse in the wild and urging government agencies to apply the patch immediately.
Recently, Motex said it fixed an improper verification of the origin of incoming requests vulnerability that could be abused to achieve arbitrary code execution. It is tracked as CVE-2025-61932 and received a severity score of 9.3/10 (Critical).
“A vulnerability exists in the Endpoint Manager On-Premises client program (hereafter referred to as MR) and the detection agent (hereafter referred to as DA) that allows remote code execution,” the company said in a security advisory.
Zero day
At the time the patch was released, the vulnerability was already being exploited as a zero-day, Motex confirmed. Versions 9.4.7.2 and earlier were said to be vulnerable, and the company confirmed that there were no workarounds available.
On October 22, CISA added the flaw to KEV, giving Federal Civilian Executive Branch (FCEB) agencies a three-week deadline to correct or stop using the program altogether. While CISA’s directive is only mandatory for FCEB agencies, private sector organizations would do well to follow suit and patch up, as cybercriminals rarely distinguish between the two.
Lanscope Endpoint Manager is an endpoint management and security solution developed by Motex, a subsidiary of Kyocera Communication Systems.
It is a centralized solution with features such as asset management, operation log acquisition and various security measures and is offered as an asset/endpoint management option through Amazon Web Services (AWS), and is quite popular in Japan and Asia.
While Motex confirmed abuse in nature, it did not name any victims or attackers.
However Bleeping Computer speculates that the recent attacks on Asahi Brewery and Askul-e trading retailer may have happened through the Motex bug. If so, one of the ransomware groups exploiting the flaw is Qilin.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
The best antivirus for all budgets
