[Japanese]

JVNDB-2026-000026

Lanscope Endpoint Manager (On-Premises) vulnerable to path traversal

Overview

Lanscope Endpoint Manager (On-Premises) provided by MOTEX Inc. contains the following vulnerability.
  • Path traversal (CWE-22) - CVE-2026-25785
The following people reported this vulnerability to MOTEX Inc. and coordinated with the vendor. After the coordination was completed, MOTEX Inc. reported the case to IPA in order to notify users of the solution through JVN.
Reporter: Kazuki Furukawa, Yuma Taki, Kota Takeda, Ippei Kakurai, Masaaki Chida, Denis Faiustov of GMO Cybersecurity by Ierae, Inc.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 9.8 (Critical) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
Affected Products

Lanscope Endpoint Manager (Cloud) is not affected by the vulnerability.

MOTEX Inc.
  • LANSCOPE Endpoint Manager On-Premises Edition Sub-Manager Server Ver.9.4.7.3 and earlier

Impact

An attacker may be able to tamper with arbitrary files on a Windows system where the affected product is installed, potentially allowing arbitrary code execution on the system.
Solution

[Update the software]
Update the software to the latest version according to the information provided by the developer.
Vendor Information

MOTEX Inc.
CWE (What is CWE?)

  1. Path Traversal(CWE-22) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2026-25785
References

  1. JVN : JVN#79096585
Revision History

  • [2026/02/25]
      Web page was published

Date Public2026/02/25
Date First Published2026/02/25
Date Last Updated2026/02/25