Important Lanscope Endpoint Supervisor Bug Exploited In Ongoing Cyberattacks, CISA Confirms

The U.S. Cybersecurity and Infrastructure Security Firm (CISA) on Wednesday added a vital security flaw impacting Motex Lanscope Endpoint Supervisor to its Acknowledged Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited throughout the wild.

The vulnerability, CVE-2025-61932 (CVSS v4 ranking: 9.3), impacts on-premises variations of Lanscope Endpoint Supervisor, notably Shopper program and Detection Agent, and can allow attackers to execute arbitrary code on susceptible strategies.

“Motex LANSCOPE Endpoint Supervisor includes an improper verification of provide of a communication channel vulnerability, allowing an attacker to execute arbitrary code by sending particularly crafted packets,” CISA talked about.

The flaw impacts variations 9.4.7.1 and earlier. It has been addressed throughout the variations below –

• 9.3.2.7
• 9.3.3.9
• 9.4.0.5
• 9.4.1.5
• 9.4.2.6
• 9.4.3.8
• 9.4.4.6
• 9.4.5.4
• 9.4.6.3, and
• 9.4.7.3

It’s for the time being not acknowledged how the vulnerability is being exploited in real-world assaults, who’s behind them, or the size of such efforts. Nonetheless, an alert issued by the Japan Vulnerability Notes (JVN) portal earlier this week well-known that Motex has confirmed an unnamed purchaser “acquired a malicious packet suspected to give attention to this vulnerability.”

Japan’s JPCERT/CC has moreover acknowledged energetic abuse, stating “cases of receiving unauthorized packets to certain ports have been confirmed in dwelling purchaser environments” and that the train occurred after April 2025.

Primarily based totally on the info supplied throughout the advisory, evidently the vulnerability is being exploited to drop an unspecified backdoor on compromised strategies.

In light of energetic exploitation efforts, Federal Civilian Authorities Division (FCEB) companies are advisable to remediate CVE-2025-61932 by November 12, 2025, to safeguard their networks.