PT-2025-42750 · Unknown · Lanscope Endpoint Manager
Published: 2025-10-20 · Updated: 2025-12-03 · CVE-2025-61932
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Lanscope Endpoint Manager versions 9.4.7.1 and earlier
Motex LANSCOPE Endpoint Manager versions 9.4.7.2 and earlier
Description
Lanscope Endpoint Manager (Client program and Detection agent) has a flaw in how it verifies the source of incoming requests, identified as CVE-2025-61932. An attacker can exploit it by sending specially crafted packets, resulting in remote code execution with SYSTEM-level privileges. The vulnerability is actively exploited by the China-linked threat actor Bronze Butler (also known as Tick) and has been designated a Known Exploited Vulnerability (KEV) by CISA. The group has been observed deploying the Gokcpdoor malware and using techniques to evade detection. Exploitation has been observed targeting organizations in Japan and beyond.
Recommendations
Update Lanscope Endpoint Manager to version 9.4.7.2 or later.
Update Lanscope Endpoint Manager to version 9.3.2.7 or later.
Apply patches as soon as possible, with a remediation deadline of November 12, 2025, as advised by CISA.
Fix
LPE
RCE
Affected Products
Lanscope Endpoint Manager