LANSCOPE Endpoint Manager Flaw Allows Remote Code Execution

A critical security flaw has been found in the on-premise edition of LANSCOPE Endpoint Manager that could let attackers run malicious code on vulnerable machines.

The issue, tracked as CVE-2025-61932, involves a remote code execution vulnerability in two core components: the Client Program (MR) and the Detection Agent (DA).

Customers have already seen attempts to exploit this weakness in real-world environments, making it essential to apply the available patch as soon as possible.

Details of the Vulnerability

Researchers discovered that specially crafted network packets sent to computers running the affected versions of the on-premise Endpoint Manager could trigger a severe error.

This error allows an attacker to execute arbitrary commands with high privileges on the target system. Both the MR client program and the DA detection agent are impacted in version 9.4.7.1 and earlier.

Evidence shows that some customer networks have already received malicious packets exploiting this flaw.

The attack does not require user interaction, meaning systems are at risk even if no one clicks on a suspicious link or opens an email attachment.

For organizations using Endpoint Manager On-Premise Edition, the risk is urgent, while users of the Cloud Edition remain unaffected.

The vulnerability carries a CVSS 3.0 score of 9.8, placing it in the “emergency” category due to its potential impact and ease of exploitation. Below is a summary of the affected components:

A security update is now available on the official LANSCOPE support portal. Since this vulnerability resides in the client-side software, every client PC running the on-premise edition must be updated.

The update for the Client Program (MR) and the Detection Agent (DA) uses the same patch procedure as a regular software upgrade. There is no requirement to upgrade the manager console itself.

Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.