Overview
- CVE-2025-61932 carries a CVSS v4 score of 9.3 and now appears in CISA’s Known Exploited Vulnerabilities catalog, triggering a November 12, 2025 remediation deadline for U.S. federal civilian agencies.
- The issue affects Lanscope Endpoint Manager’s on‑prem Client program and Detection Agent up to version 9.4.7.1, with fixes provided in builds such as 9.3.2.7, 9.3.3.9, and 9.4.0.5 through 9.4.7.3.
- JPCERT/CC reports the flaw has been exploited as a zero‑day since April 2025 against Japan‑based customers and has shared source and command‑and‑control IP addresses tied to the activity.
- Motex says the SaaS/cloud offering and the management server software are not affected, but organizations should update all managed endpoints running the client or detection agent components.
- Investigators have not confirmed the attack methods beyond the packet delivery, the responsible actors, or the breadth of impact, though JVN noted at least one customer received a malicious packet.