Kyocera’s Motex Lanscope Hit by Active Attacks: Critical 9.8 Exploit Enables Remote Code Execution

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/f6/23/42/f62342b2-2c9e-c4b8-f30a-45740001dcdd/mza_9392632951824236990.jpg/600x600bb.jpg

Daily Security Review

410 episodes

5 days ago

Daily Security Review, the premier source for news and information on security threats, Ransomware and vulnerabilities

All content for Daily Security Review is the property of Daily Security Review and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Daily Security Review, the premier source for news and information on security threats, Ransomware and vulnerabilities

Technology

News,

Tech News

https://img.transistor.fm/uVmFN9MR8wE_l3I-B7fvA2MX3EjLsT5ClxlVwUkYgtw/rs:fill:0:0:1/w:1400/h:1400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9mNzY5/NzhhMjRjMTAzMjYz/ZTllNTZjNGJhNzI2/NDQyYS5wbmc.jpg

Kyocera’s Motex Lanscope Hit by Active Attacks: Critical 9.8 Exploit Enables Remote Code Execution

Daily Security Review

18 minutes

1 week ago

Kyocera’s Motex Lanscope Hit by Active Attacks: Critical 9.8 Exploit Enables Remote Code Execution

A dangerous zero-day vulnerability in Kyocera Communications subsidiary Motex’s Lanscope Endpoint Manager has triggered a global cybersecurity alert after being actively exploited in real-world attacks. Tracked as CVE-2025-61932, this flaw carries a CVSS severity score of 9.8, allowing remote, unauthenticated attackers to execute arbitrary code simply by sending specially crafted packets to a vulnerable system. In effect, it grants full control over enterprise endpoints, turning a trusted management tool into a weapon against its own network.

The flaw, caused by improper verification of communication sources, has already been exploited in attacks primarily targeting organizations in Asia — especially Japan, where Lanscope’s adoption is widespread. Japan’s JPCERT/CC confirmed observing potential compromise attempts, and Motex has urged all customers running affected on-premises versions (9.4.7.1 or earlier) to apply emergency patches immediately.

As the situation escalated, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) took decisive action by adding CVE-2025-61932 to its Known Exploited Vulnerabilities (KEV) list, citing it as a frequent and dangerous attack vector. Under Binding Operational Directive (BOD) 22-01, CISA has mandated all federal agencies patch their systems within three weeks — a clear signal of the vulnerability’s severity. Though the directive is mandatory only for U.S. federal entities, CISA is strongly advising all organizations worldwide to review the KEV list and prioritize patching.

The potential consequences of exploitation are devastating. A successful compromise of Lanscope’s management layer could allow attackers to deploy ransomware across thousands of endpoints, steal sensitive corporate data, and maintain long-term access for espionage or persistence. With confirmed exploitation already underway, time is a critical factor.

Cybersecurity analysts stress that this incident underscores the growing trend of supply-chain and endpoint management exploits, where centralized administrative systems become high-value targets. Organizations using Lanscope must act immediately — conducting full asset discovery, validating deployments, and applying Motex’s latest patches without delay.

#Lanscope #CVE202561932 #Motex #KyoceraCommunications #CISA #KEVList #ZeroDay #ActiveExploitation #EndpointSecurity #RemoteCodeExecution #CyberAttack #PatchNow #JapanCybersecurity #BOD2201 #CVEAlert #Vulnerability #CISAMandate #NetworkSecurity #JPCERT #CyberThreat