Hello! If you use Lanscope Endpoint Manager, you’ll want to pay attention to this. The Cybersecurity and Infrastructure Security Agency (CISA) has just issued an alert on a severe vulnerability in the software, and hackers are actively exploiting it.
So, what’s the vulnerability?
The vulnerability is tracked as CVE-2025-61932, and it’s a critical flaw (9.3/10). Basically, it allows an attacker to execute their own code on your system simply by sending it crafted data packets. The attacker does not need to authenticate!
Affected versions:
• All Lanscope Endpoint Manager versions 9.4.7.2 and below are vulnerable.
• A patch is available in version 9.4.7.3; there is no alternative mitigation!
So, the only real option? Update your devices right away.
Who should be concerned?
If you manage computers, mobile devices or servers using Lanscope, this applies to you.
CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) list, which means that hackers are already exploiting it on systems.
Government agencies are encouraged to fix this by November 12. Even if you are not a government agency, it is wise to fix this as soon as possible.
What actions should you take, and what is first?
These are some things that you can do immediately:
• Update Lanscope Endpoint Manager to the latest version (9.4.7.3 or higher).
• Block or limit network access to your Lanscope servers until the patch can be applied.
• Review your logs for any unusual or suspicious activity.
• Notify your IT department so they can take immediate action and communicate to others that it is urgent.
These simple steps can help stop attackers before they gain entry to your network.