JVNDB-2025-000088

[Japanese]
JVNDB-2025-000088
Lanscope Endpoint Manager (On-Premises) vulnerable to improper verification of source of a communication channel
Overview
Lanscope Endpoint Manager (On-Premises) provided by MOTEX Inc. contains the following vulnerability. Improper verification of source of a communication channel (CWE-940) - CVE-2025-61932 MOTEX Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and MOTEX Inc. coordinated under the Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)
CVSS V3 Severity: Base Metrics 9.8 (Critical) [IPA Score] Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality Impact: High Integrity Impact: High Availability Impact: High
Affected Products

MOTEX Inc. LANSCOPE Endpoint Manager On-Premises Edition Ver.9.4.7.1 and earlier (Client program (MR), Detection agent (DA))

Impact
A specially crafted packet sent by an attacker could cause arbitrary code execution in the affected products.
Solution
[Update the Products] Update the products to the latest version. [Apply the Workaround] The developer recommends that users apply the workaround until the products are updated. For more details, refer to the information provided by the developer.
Vendor Information
MOTEX Inc. MOTEX.Inc : [Important Notice] : Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager (On-Premises) (CVE-2025-61932) (in Japanese)
CWE (What is CWE?)
No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)
CVE-2025-61932
References
JVN : JVN#86318557
Revision History
[2025/10/20] Web page was published


Date Public	2025/10/20
Date First Published	2025/10/20
Date Last Updated	2025/10/20

Lanscope Endpoint Manager (On-Premises) vulnerable to improper verification of source of a communication channel