- CISA Adds Critical Motex Lanscope Flaw to Its Catalog of Known Exploited Vulnerabilities
- The CVE-2025-61932 bug allows remote code execution and was exploited as a zero-day bug.
- Agencies must update the patch within three weeks; private companies are strongly encouraged to follow suit
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical severity flaw of Motex Landscope Endpoint Manager to its catalog of known exploited vulnerabilities (KEV), reporting abuse in the wild and urging government agencies to apply the patch immediately.
Recently, Motex said it fixed a vulnerability improperly checking the origin of incoming requests, which could be abused to gain arbitrary code execution. It is tracked as CVE-2025-61932 and received a severity score of 9.3/10 (critical).
“A vulnerability exists in the Endpoint Manager On-Premises client program (hereinafter referred to as MR) and the Detection Agent (hereinafter referred to as DA) that allows remote code execution,” the company said in a security advisory.
Day Zero
At the time the patch was released, the vulnerability was already exploited as zero-day, Motex confirmed. Versions 9.4.7.2 and earlier were reportedly vulnerable and the company confirmed that no workaround was available.
On October 22, CISA added the flaw to KEV, giving federal civilian executive branch (FCEB) agencies a three-week deadline to fix or stop using the program altogether. If the CISA directive is only mandatory for FCEB agencies, private sector organizations would do well to follow suit and patch up, as cybercriminals rarely distinguish between the two.
Lanscope Endpoint Manager is an endpoint management and security solution developed by Motex, a subsidiary of Kyocera Communication Systems.
It is a centralized solution with features such as asset management, acquisition of operation logs and different security measures. It is offered as an asset/endpoint management option through Amazon Web Services (AWS) and is very popular in Japan and Asia.
Although Motex confirmed abuse in the wild, it did not name any victims or perpetrators.
However BeepComputer speculates that recent attacks on Asahi Brewery and e-commerce retailer Askul may have been carried out via the Motex vulnerability. In this case, Qilin is one of the ransomware groups abusing the bug.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
The best antivirus for every budget
