[Japanese]

JVNDB-2025-000088

Lanscope Endpoint Manager (On-Premises) vulnerable to improper verification of source of a communication channel

Overview

Lanscope Endpoint Manager (On-Premises) provided by MOTEX Inc. contains the following vulnerability.
  • Improper verification of source of a communication channel (CWE-940) - CVE-2025-61932

MOTEX Inc. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and MOTEX Inc. coordinated under the Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 9.8 (Critical) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products


MOTEX Inc.
  • LANSCOPE Endpoint Manager On-Premises Edition Ver.9.4.7.1 and earlier (Client program (MR), Detection agent (DA))

Lanscope Endpoint Manager (Cloud) is not affected by the vulnerability.
Impact

A specially crafted packet sent by an attacker could cause arbitrary code execution in the affected products.
Solution

[Update the Products]
Update the products to the fixed version.

[Apply the Workaround]
The developer recommends that users apply the workaround until the products are updated.


For more details, refer to the information provided by the developer.
Vendor Information

MOTEX Inc.
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2025-61932
References

  1. JVN : JVN#86318557
Revision History

  • [2025/10/20]
      Web page was published
  • [2025/10/22]
      Affected Products : Content was added
      Solution was modified

Date Public2025/10/20
Date First Published2025/10/20
Date Last Updated2025/10/22