A critical remote code execution vulnerability has been discovered in the on-premise edition of LANSCOPE Endpoint Manager that allows unauthenticated attackers to run arbitrary commands with high privileges on affected systems.
Tracked as CVE-2025-61932, the flaw impacts both the Client Program (MR) and the Detection Agent (DA) in version 9.4.7.1 and earlier.
Real-world exploit attempts have already been observed, making prompt patching imperative.
Vulnerability Details
Security researchers found that specially crafted network packets sent to computers running the vulnerable on-premise software trigger a severe error in the MR client and DA detection agent.
This error bypasses all user interaction requirements no clicks or email openings are needed granting attackers direct, high-privilege code execution on target machines.
Evidence indicates that malicious packets exploiting this weakness have been delivered to customer networks in live environments.
Only the On-Premise Edition of LANSCOPE Endpoint Manager is affected; the Cloud Edition remains unaffected.
Both core components, Client Program (MR) and Detection Agent (DA), in version 9.4.7.1 and earlier, contain the vulnerability.
Organizations using the on-premise solution face an immediate risk until they apply the update.
A security update addressing this issue is now available on the official LANSCOPE support portal.
Because the vulnerability resides entirely in client-side software, every endpoint running the on-premise edition must be updated.
The patch uses the same procedure as a regular software upgrade for the MR client and DA agent; no manager console upgrade is required.
Administrators should schedule an immediate rollout of the patch and monitor networks for any unusual incoming packets targeting these agents.
CVE Summary Table
| CVE ID | Product | CVSS 3.0 Score |
|---|---|---|
| CVE-2025-61932 | LANSCOPE Endpoint Manager On-Premise Edition | 9.8 |
Ensure all on-premise client PCs are updated without delay to eliminate the exploitation window presented by this severe flaw.
Cyber Awareness Month Offer: Upskill With 100+ Premium Cybersecurity Courses From EHA's Diamond Membership: Join Today
%20(1).webp?resize=1600,900&ssl=1&description=Tracked as CVE-2025-61932, the flaw impacts both the Client Program (MR) and the Detection Agent (DA) in version 9.4.7.1 and earlier.){kind=link}