• Unauthenticated attackers are actively exploiting a critical vulnerability affecting Adobe Commerce and Magento platforms worldwide. The flaw, tracked as CVE-2025-54236 and dubbed SessionReaper, enables remote code execution and customer account takeover on thousands of online stores. CVE ID Vulnerability Name Affected Products Type CVSS 3.1 CVE-2025-54236 SessionReaper Adobe Commerce & Magento (all versions) Unauthenticated RCE, Account […]

    The post Active Exploits Target Magento and Adobe Commerce RCE, Attackers Inject Webshells appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • AI is everywhere—and your company wants in. Faster products, smarter systems, fewer bottlenecks. But if you’re in security, that excitement often comes with a sinking feeling. Because while everyone else is racing ahead, you’re left trying to manage a growing web of AI agents you didn’t create, can’t fully see, and weren’t designed to control. Join our upcoming webinar and learn how to make AI


  • Atlassian has disclosed a critical path traversal vulnerability affecting Jira Software Data Center and Server that could allow authenticated attackers to modify files accessible to the Jira Java Virtual Machine (JVM) process. The vulnerability, tracked as CVE-2025-22167, carries a high severity rating with a CVSS score of 8.7 and affects multiple product versions dating back […]

    The post Jira Vulnerability Lets Attackers Alter Files Accessible to the Jira JVM Process appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • In July 2025, cybersecurity firm CYFIRMA uncovered an active phishing campaign targeting Linux-based operating systems used by Indian government and military organisations. This operation, attributed to TransparentTribe (also known as APT36 or Operation C-Major), is the latest in a series of ongoing cyber espionage campaigns supporting Pakistan’s strategic interests. TransparentTribe, a Pakistani-nexus threat group active […]

    The post TransparentTribe Targets Linux Systems in Indian Military to Deploy DeskRAT appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • CISA has issued a critical alert regarding a severe vulnerability in Motex LANSCOPE Endpoint Manager, a popular tool for managing IT assets across networks.

    The flaw is classified as improper verification of the source of a communication channel; it allows attackers to execute arbitrary code simply by sending specially crafted packets.

    The vulnerability, tracked under CVE-2025-61932, has already been exploited in the wild, prompting CISA to add it to its Known Exploited Vulnerabilities (KEV) catalog.

    Organizations using the software are urged to act immediately to prevent potential breaches that could lead to data theft, ransomware deployment, or full system compromise.

    This warning comes amid a surge in endpoint management exploits, as cybercriminals increasingly target administrative tools to gain deeper network access.

    Motex LANSCOPE, developed by Japanese firm Motex, helps IT teams monitor and control devices remotely, making it a prime target for attackers seeking to pivot from individual endpoints to entire infrastructures.

    While specific details on the exploitation campaigns remain limited, security researchers note that the flaw’s remote code execution (RCE) capability makes it particularly dangerous, especially in unpatched environments.

    At its core, the vulnerability stems from inadequate checks on incoming communication packets, allowing malicious actors to impersonate legitimate sources.

    According to the CWE-940 definition, this improper verification can bypass authentication mechanisms, enabling unauthenticated remote access.

    Attackers need only craft packets that mimic trusted traffic, potentially leading to the deployment of malware or backdoors without user interaction.

    CISA’s alert highlights that while the vulnerability’s use in ransomware campaigns is currently unknown, its RCE nature aligns with tactics seen in recent high-profile attacks, such as those targeting supply chain weaknesses.

    Endpoint managers like LANSCOPE are often deployed in enterprise settings, including sectors like finance and healthcare, where downtime or data exposure could have cascading effects.

    Early indicators suggest exploitation may involve phishing-laced packets or direct network probes, underscoring the need for robust network segmentation.

    Mitigations

    To counter the threat, CISA recommends applying vendor-provided patches or mitigations without delay. Motex has reportedly released updates addressing the issue, but organizations should verify compatibility before deployment.

    For cloud-integrated instances, adherence to Binding Operational Directive (BOD) 22-01 is essential; the directive emphasizes vulnerability management in federal systems, and its guidance extends usefully to private entities.

    If patches prove unavailable or ineffective, discontinuing use of the product is advised as a last resort. This incident reflects ongoing challenges in endpoint security, where legacy tools often lag behind evolving threats.

    As CISA continues to monitor developments, experts call for proactive measures like regular vulnerability scanning and zero-trust architectures.

    The post CISA Warns of Motex LANSCOPE Endpoint Manager Vulnerability Exploited in Attacks appeared first on Cyber Security News.


  • Criminals don’t need to be clever all the time; they just follow the easiest path in: trick users, exploit stale components, or abuse trusted systems like OAuth and package registries. If your stack or habits make any of those easy, you’re already a target. This week’s ThreatsDay highlights show exactly how those weak points are being exploited — from overlooked


  • Cybersecurity researchers have uncovered a sophisticated campaign targeting global retail and consumer services organizations through credential theft and gift card fraud. Dubbed “Jingle Thief,” this operation exploits the festive shopping season when companies are most vulnerable to financial fraud schemes. The campaign, tracked by Unit 42 as cluster CL-CRI-1032, is orchestrated by financially motivated threat […]

    The post Jingle Thief Hackers Exploit the Festive Season with Weaponized Gift Card Scams appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.


  • As machine identities explode across cloud environments, enterprises report dramatic productivity gains from eliminating static credentials. And only legacy systems remain the weak link. For decades, organizations have relied on static secrets, such as API keys, passwords, and tokens, as unique identifiers for workloads. While this approach provides clear traceability, it creates what security


  • Atlassian has disclosed a high-severity path traversal vulnerability in Jira Software Data Center and Server that enables authenticated attackers to arbitrarily write files to any path accessible by the Java Virtual Machine (JVM) process.

    This flaw, tracked as CVE-2025-22167 with a CVSS score of 8.7, affects versions from 9.12.0 through 11.0.1 and was internally discovered, prompting urgent patch recommendations.

    Organizations relying on Jira for project management face risks of data tampering or service disruption if unpatched.

    Path Traversal Flaw Exposed

    The vulnerability stems from inadequate input validation in file handling mechanisms, allowing attackers with low privileges, such as authenticated users, to bypass path restrictions.

    By crafting malicious requests, an attacker can inject traversal sequences like “../” to target sensitive directories outside the intended scope, writing arbitrary data wherever the JVM has write permissions.

    Introduced in major releases 9.12.0 and 10.3.0, it persisted into the 11.0 branch until fixes in 9.12.28, 10.3.12, and 11.1.0.

    Atlassian confirmed no user interaction is needed, and the attack vector is network-based with low complexity, making it exploitable remotely.

    While primarily an arbitrary write issue, it could enable reads if combined with other flaws, escalating to data exfiltration or code injection.

    For businesses using Jira in software development or IT operations, exploitation could corrupt configuration files, alter project data, or deploy malware, leading to operational chaos or compliance breaches.

    The high integrity and availability impacts mean attackers might delete logs, modify databases, or cause denial-of-service by overwriting critical files.

    In regulated sectors like finance or healthcare, this could expose intellectual property or patient information indirectly.

    No public exploits exist yet, but the ease of access, requiring only basic authentication, heightens urgency, especially for internet-facing instances.

    Mitigations

    Atlassian urges immediate upgrades to patched versions: 9.12.28 or later for the 9.x series, 10.3.12 or higher for 10.x, and 11.1.0 or beyond for the newest branch.

    Users unable to update fully should apply these minimum fixes and monitor release notes for details. As interim measures, restrict JVM filesystem permissions, segment network access, and enable anomaly detection for file changes.

    Backups and audits are essential to recover from potential incidents. This internal report underscores Atlassian’s proactive stance, but delayed patching could invite targeted attacks in a landscape rife with supply chain threats.

    With over 200,000 organizations dependent on Jira, swift action is critical to safeguard workflows.

    The post Jira Software Vulnerability Let Attacker Modify Any Filesystem Path Writable By JVM process appeared first on Cyber Security News.


  • Chinese-linked threat actors behind the Warlock ransomware operation have emerged as a significant cybersecurity concern following their exploitation of a critical Microsoft SharePoint vulnerability. The group’s sophisticated attack infrastructure, combined with evidence of historical espionage activities dating back to 2019, reveals a complex threat landscape where cybercriminal and state-sponsored operations increasingly converge. Warlock first surfaced […]

    The post Warlock Ransomware Exploits SharePoint ToolShell Zero-Day in New Attack Campaign appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
