CVE-2025-61932

CRITICAL KEV

Lanscope Endpoint Manager - SSRF

Title source: llm

Description

Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.

References (3)

[Third Party Advisory] https://jvn.jp/en/jp/JVN86318557/

[Vendor Advisory] https://www.motex.co.jp/news/notice/2025/release251020/

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-61932

Scores

CVSS v3 9.8

EPSS 0.0145

EPSS Percentile 80.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2025-10-22

VulnCheck KEV 2025-10-20

ENISA EUVD EUVD-2025-35038

CWE

CWE-940

Status published

Products (1)

motex/lanscope_endpoint_manager < 9.3.2.7

Published Oct 20, 2025

KEV Added Oct 22, 2025

Tracked Since Feb 18, 2026