Platform: other
Component: lanscope-endpoint-manager-on-premises-sub-manager-server
Fixed version: 9.4.8
A critical path traversal vulnerability (CVE-2026-25785) has been identified in Lanscope Endpoint Manager (On-Premises) Sub-Manager Server. This flaw allows attackers to potentially tamper with arbitrary files and execute arbitrary code on the affected system, leading to severe compromise. The vulnerability impacts versions of the Sub-Manager Server up to and including 9.4.7.3. A patch is expected to be released by the vendor.
The path traversal vulnerability in Lanscope Endpoint Manager allows an attacker to bypass intended access controls and manipulate files on the server. Successful exploitation could lead to complete system compromise, including data exfiltration, malware installation, and denial of service. An attacker could potentially modify configuration files, inject malicious code into legitimate processes, or gain persistent access to the network. The ability to execute arbitrary code significantly expands the attack surface and increases the potential for lateral movement within the environment. This vulnerability shares similarities with other path traversal exploits where attackers leverage improperly validated user input to navigate outside of intended directories.
CVE-2026-25785 was publicly disclosed on 2026-02-25. The EPSS score is pending evaluation. No public proof-of-concept exploits are currently known. Monitor CISA advisories and Lanscope's security bulletins for updates and potential exploitation campaigns.
Organizations utilizing Lanscope Endpoint Manager (On-Premises) Sub-Manager Server, particularly those with legacy configurations or limited security controls, are at significant risk. Shared hosting environments where multiple users share the same server instance are also vulnerable, as a compromise of one user's account could potentially lead to the exploitation of this vulnerability.
• Windows / other: Monitor event logs for unusual file access patterns, particularly attempts to access files outside of the expected Lanscope Endpoint Manager directory. Use Sysinternals Process Monitor to track file system activity and identify suspicious processes.
• Linux / server: Monitor system logs (e.g., /var/log/auth.log, /var/log/syslog) for unusual file access attempts. Use auditd to track file system access and create rules to detect suspicious patterns.
• generic web: Monitor web server access logs for requests containing directory traversal sequences (e.g., ../../).
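The web-log check in the last bullet can be sketched as follows. This is an added example, not vendor or advisory code: the log lines are constructed Common Log Format samples with hypothetical paths, and the function names are illustrative. It goes beyond the literal ../../ string by undoing nested percent-encoding and accepting backslash separators.

```python
import re
from urllib.parse import unquote

# Constructed sample lines (Common Log Format); paths are hypothetical.
SAMPLE_LOG = """\
192.0.2.10 - - [25/Feb/2026:10:00:01 +0000] "GET /status HTTP/1.1" 200 512
192.0.2.11 - - [25/Feb/2026:10:00:02 +0000] "POST /upload?name=../../conf/app.ini HTTP/1.1" 200 17
192.0.2.12 - - [25/Feb/2026:10:00:03 +0000] "GET /files/%2e%2e%2f%2e%2e%2fwindows/win.ini HTTP/1.1" 404 0
192.0.2.13 - - [25/Feb/2026:10:00:04 +0000] "GET /files/%252e%252e%255cboot.ini HTTP/1.1" 400 0
192.0.2.14 - - [25/Feb/2026:10:00:05 +0000] "GET /docs/v1..2/notes.txt HTTP/1.1" 200 90
"""

REQUEST = re.compile(r'^(\S+) .*?"(\S+) (\S+) [^"]*" (\d{3})')
# ".." only counts when it is a whole path segment, with / or \ as separator.
DOTDOT = re.compile(r'(^|[/\\])\.\.([/\\]|$)')

def fully_decode(target, max_rounds=3):
    """Undo nested percent-encoding (%252e -> %2e -> .), bounded to max_rounds."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def find_traversal(log_text):
    """Return one dict per request whose path or a parameter has a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line we can parse
        client, method, target, status = m.groups()
        decoded = fully_decode(target)
        # Test the path and each query key/value on its own.
        parts = re.split(r'[?&=;]', decoded)
        if any(DOTDOT.search(p) for p in parts):
            hits.append({"client": client, "method": method, "status": status,
                         "decoded": decoded, "served": status.startswith("2")})
    return hits

if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        flag = "REVIEW FIRST" if hit["served"] else "rejected"
        print(f'{hit["client"]} {hit["method"]} {hit["decoded"]} -> {hit["status"]} ({flag})')
```

A hit answered with a 2xx status deserves review before rejected ones, since the server accepted the request rather than refusing it.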
disclosure
Exploitation status
EPSS
0.12% (31st percentile)
CISA SSVC
CVSS vector
Due to the lack of a currently available patch, immediate mitigation strategies are crucial. Implement strict access controls to limit user privileges and restrict file system access. Consider using a Web Application Firewall (WAF) to filter requests and block attempts to traverse directories. Monitor system logs for suspicious activity, particularly attempts to access unusual file paths. While a direct fix is pending, carefully review Lanscope Endpoint Manager's configuration and ensure that all unnecessary services and ports are disabled. After a patch is released, promptly apply it and verify its effectiveness by attempting to reproduce the vulnerability in a test environment.
Update Lanscope Endpoint Manager (On-Premises) Sub-Manager Server to a version later than 9.4.7.3. Consult the vendor website (MOTEX Inc.) for the latest version and update instructions.
CVE-2026-25785 is a critical path traversal vulnerability in Lanscope Endpoint Manager (On-Premises) Sub-Manager Server versions up to 9.4.7.3, allowing attackers to manipulate files and potentially execute code.
You are affected if you are using Lanscope Endpoint Manager (On-Premises) Sub-Manager Server version 9.4.7.3 or earlier.
Apply the vendor-provided patch as soon as it becomes available. Until then, implement mitigation strategies like access controls and WAF rules.
Currently, no public proof-of-concept exploits are known, but active exploitation is possible. Monitor security advisories and system logs.
Refer to Lanscope's official security bulletins and website for the latest information and advisory regarding CVE-2026-25785.