Tracked as CVE-2025-61932, the flaw impacts both the Client Program (MR) and the Detection Agent (DA) in version 9.4.7.1 and earlier.
Real-world exploit attempts have already been observed, making prompt patching imperative.
Security researchers found that specially crafted network packets sent to computers running the vulnerable on-premise software trigger a severe error in the MR client and DA detection agent.
This error bypasses all user interaction requirements no clicks or email openings are needed granting attackers direct, high-privilege code execution on target machines.
Evidence indicates that malicious packets exploiting this weakness have been delivered to customer networks in live environments.
Only the On-Premise Edition of LANSCOPE Endpoint Manager is affected; the Cloud Edition remains unaffected.
Both core components, Client Program (MR) and Detection Agent (DA), in version 9.4.7.1 and earlier, contain the vulnerability.
Organizations using the on-premise solution face an immediate risk until they apply the update.
A security update addressing this issue is now available on the official LANSCOPE support portal.
Because the vulnerability resides entirely in client-side software, every endpoint running the on-premise edition must be updated.
The patch uses the same procedure as a regular software upgrade for the MR client and DA agent; no manager console upgrade is required.
Administrators should schedule an immediate rollout of the patch and monitor networks for any unusual incoming packets targeting these agents.
| CVE ID | Product | CVSS 3.0 Score |
|---|---|---|
| CVE-2025-61932 | LANSCOPE Endpoint Manager On-Premise Edition | 9.8 |
Ensure all on-premise client PCs are updated without delay to eliminate the exploitation window presented by this severe flaw.
Cyber Awareness Month Offer: Upskill With 100+ Premium Cybersecurity Courses From EHA's Diamond Membership: Join Today
The post LANSCOPE Endpoint Manager Vulnerability Allows Attackers to Execute Remote Code appeared first on Cyber Security News.
Today's links Ada Palmer's "Inventing the Renaissance": A tour-de-force, a magnum opus, a work of…
Future The People Do Not Yearn for AutomationNilay Patel | The Verge “Not everything about…
The global energy industry has long depended on seismic data to locate oil and gas…
Artificial intelligence is quietly transforming every corner of modern industry. From predictive maintenance in heavy…
Additive manufacturing has always lived in a bit of a gray area. Some see it…
The global energy industry has long depended on seismic data to locate oil and gas…
This website uses cookies.