- CISA adds critical Motex Lanscope flaw to its catalog of known exploited vulnerabilities
- Bug CVE-2025-61932 allows remote code execution and was exploited as a zero-day bug
- Agencies must apply patches within three weeks; Private companies are strongly urged to follow suit.
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical severity Motex Landscope Endpoint Manager flaw to its catalog of known exploited vulnerabilities (KEV), indicating an abuse in the wild and urging government agencies to apply the patch immediately.
Recently, Motex said it fixed an inadequate source verification vulnerability for incoming requests, which could be abused to achieve arbitrary code execution. It is tracked as CVE-2025-61932 and was assigned a severity score of 9.3/10 (critical).
“A vulnerability exists in the local Endpoint Manager (MR) and Discovery Agent (DA) client program that allows remote code execution,” the company said in a security advisory.
day zero
At the time the patch was released, the vulnerability was already being exploited as a zero-day, Motex confirmed. Versions 9.4.7.2 and earlier were said to be vulnerable and the company confirmed that no workarounds were available.
On October 22, CISA added the bug to KEV, giving Federal Civil Executive Branch (FCEB) agencies three weeks to fix or stop using the program entirely. While the CISA directive is only mandatory for FCEB agencies, private sector organizations would do well to follow suit and put things right, as cybercriminals rarely make the distinction between the two.
Lanscope Endpoint Manager is an endpoint management and security solution developed by Motex, a subsidiary of Kyocera Communication Systems.
It is a centralized solution with features such as asset management, transaction log acquisition, and different security measures, and is offered as an asset/endpoint management option through Amazon Web Services (AWS) and is quite popular in Japan and Asia.
While Motex confirmed abuse in the wild, it did not name any victims or attackers.
However beepcomputer speculates that the recent attacks on brewery Asahi and e-commerce retailer Askul may have been carried out through the Motex flaw. In that case, one of the ransomware groups abusing the bug is Qilin.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
The best antivirus for all budgets
