Critical remote code execution flaw in LANSCOPE Endpoint Manager actively exploited
Take action: If you're using LANSCOPE Endpoint Manager on-premise edition (version 9.4.7.1 or earlier), this is urgent. Start updating all client endpoints to the latest patched version. Attackers are already exploiting the flaw to to gain full system control. Prioritize patching internet-facing systems first.
Learn More
A critical remote code execution vulnerability has been discovered in the on-premise edition of LANSCOPE Endpoint Manager that allows unauthenticated attackers to execute arbitrary commands with high privileges on affected systems.
LANSCOPE Endpoint Manager is an endpoint management and security solution used by organizations for device monitoring, security policy enforcement, and IT asset management.
The vulnerability is tracked as CVE-2025-61932 (CVSS score 9.8) a remote code execution vulnerability affecting the Client Program (MR) and Detection Agent (DA) components of LANSCOPE Endpoint Manager on-premise edition. The vulnerability allows unauthenticated attackers to send specially crafted network packets to vulnerable endpoints, triggering errors that bypass authentication and authorization controls.
Successful exploitation grants attackers high-privilege code execution capabilities, enabling them to install malware, steal sensitive data, establish persistence mechanisms, move laterally through networks, or completely compromise affected systems.
Exploit attempts have already been observed in live customer environments, making immediate patching imperative for organizations using the on-premise solution.
Affected products:
- LANSCOPE Endpoint Manager (On-Premise Edition) - Client Program (MR): Version 9.4.7.1 and earlier
- LANSCOPE Endpoint Manager (On-Premise Edition) - Detection Agent (DA): Version 9.4.7.1 and earlier
Only the on-premise edition of LANSCOPE Endpoint Manager is affected by this vulnerability. The Cloud Edition is not affected and does not require any action.
A security update patching CVE-2025-61932 is now available on the official LANSCOPE support portal. Because the vulnerability resides entirely in client-side software components, every endpoint running the on-premise edition must be updated individually. The patch deployment follows the same procedure as a regular software upgrade for both the MR client and DA agent components. No manager console upgrade is required, simplifying the patching process for administrators.
Organizations should implement an immediate emergency patching schedule to update all on-premise client endpoints. Administrators should prioritize endpoints with internet-facing network connectivity or those located in network segments accessible to potential attackers.
