CISA warns Motex Lanscope Endpoint Manager has a worrying security flaw, so patch now


  • CISA adds critical Motex Lanscope flaw to its Known Exploited Vulnerabilities catalog
  • The CVE-2025-61932 bug enables remote code execution and was exploited as a zero-day
  • Agencies must patch within three weeks; private firms are strongly urged to follow suit

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical-severity Motex Lanscope Endpoint Manager flaw to its Known Exploited Vulnerabilities (KEV) catalog, signaling abuse in the wild and urging government agencies to apply the patch immediately.

Recently, Motex said it fixed a vulnerability involving improper verification of the origin of incoming requests, which could be abused to achieve arbitrary code execution. It is tracked as CVE-2025-61932 and was given a severity score of 9.3/10 (critical).

“A vulnerability exists in the Endpoint Manager On-Premises client program (hereafter referred to as MR) and the Detection Agent (hereafter referred to as DA) that allows remote code execution,” the company said in a security advisory.

Zero-day

At the time the patch was released, the vulnerability was already being exploited as a zero-day, Motex confirmed. Versions 9.4.7.2 and earlier were said to be vulnerable, and the company confirmed there were no workarounds available.

On October 22, CISA added the flaw to KEV, giving Federal Civilian Executive Branch (FCEB) agencies a three-week deadline to patch up or stop using the program altogether. While CISA’s directive is only mandatory for FCEB agencies, organizations in the private sector would do well to follow suit and patch up, since cybercriminals rarely make the distinction between the two.

Lanscope Endpoint Manager is an endpoint management and security solution developed by Motex, a subsidiary of Kyocera Communication Systems.

It is a centralized solution with features such as asset management, operation log acquisition, and various security measures. It is offered as an asset/endpoint management option through Amazon Web Services (AWS) and is quite popular in Japan and Asia.

While Motex confirmed abuse in the wild, it did not name any victims or attackers.

However, BleepingComputer speculates that the recent attacks on Asahi brewery and the Askul ecommerce retailer may have been carried out through the Motex flaw. In that case, one of the ransomware groups abusing the bug is Qilin.



Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
