CVE-2025-61932

ENISA EUVD: EUVD-2025-35038 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 3 articles Published: 2025-10-20

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

1.96%

probability

This CVE has a 1.96% probability of being exploited in the next 30 days.

0% Top 83.7th percentile of all CVEs 100%

CVSS v4.0 NEW

Source: VulnerabilityLookup (CIRCL)

9.3

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

None

User Interaction

None

Vulnerable System Confidentiality Impact

High

Vulnerable System Integrity Impact

High

Vulnerable System Availability Impact

High

Subsequent System Confidentiality Impact

None

Subsequent System Integrity Impact

None

Subsequent System Availability Impact

None

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS v3.0

Source: VulnerabilityLookup (CIRCL)

9.8

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.

Affected Products

MOTEX Inc.

Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA))

Ver.9.4.7.1 and earlier

motex

lanscope endpoint manager

MOTEX Inc.

Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA))

Ver.9.4.7.1 and earlier

Attack Intelligence

CWE-284 · Improper Access Control CWE-345 · Insufficient Verification of Data Authenticity CWE-346 · Origin Validation Error CWE-693 · Protection Mechanism Failure CWE-923 · Improper Restriction of Communication Channel to Intended Endpoints CWE-940 · Improper Verification of Source of a Communication Channel

https://www.motex.co.jp/news/notice/2025/release251020/

https://jvn.jp/en/jp/JVN86318557/

Signal Intelligence

Confidenceⓘ

92%

EPSS 1.96%

CVSS v4.0 9.3

CVSS v3.0 9.8

Mentions 3

Last Seen Nov 01, 2025

CNA Information

CNA Assigner

jpcert

Analyst Note

CVE-2025-61932 is a 2025 vulnerability explicitly named as a zero-day exploited by China-linked threat actors (Tick group) in active cyberattacks. CISA added it to the KEV catalog confirming active exploitation in the wild. The timing aligns with a recent CVE publication (October 2025) and explicit zero-day language in multiple authoritative sources (BleepingComputer headline, Tick attribution article).

Threat Actors 5

APT 28

apt_group Information theft and espionage 🇷🇺 RU

Tick

apt_group Information theft and espionage 🇨🇳 CN

Infy

apt_group Information theft and espionage 🇮🇷 IR

APT 22

apt_group Information theft and espionage 🇨🇳 CN

Mana Team

apt_group 🇨🇳 CN

Triage Info

Decided atMar 05, 2026

Published DateOct 20, 2025