CVE-2025-61932
Published: 20 October 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-61932 is a vulnerability in Lanscope Endpoint Manager (On-Premises), affecting the Client program (MR) and Detection agent (DA). It arises from improper verification of the origin of incoming requests, classified under CWE-940. This flaw allows an attacker to execute arbitrary code by sending specially crafted packets to the affected components.
An attacker with the ability to send network packets to vulnerable instances of the Client program (MR) or Detection agent (DA) can exploit this issue. Successful exploitation results in arbitrary code execution on the targeted systems, potentially compromising endpoint management functions.
Advisories published by JVN (https://jvn.jp/en/jp/JVN86318557/) and Motex (https://www.motex.co.jp/news/notice/2025/release251020/) detail the vulnerability and mitigation steps. The CVE is also listed in CISA's Known Exploited Vulnerabilities Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61932), signaling real-world exploitation.
Details
- CWE(s)
- KEV Date Added
- 22 October 2025
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows remote arbitrary code execution via specially crafted network packets due to improper origin verification, directly enabling exploitation of a public-facing or network-accessible application.