ArrayOS AG command injection flaw (actively exploited)
Vulnerability
Summary
A command injection flaw in Array AG Series VPN devices is being actively exploited, enabling attackers to plant webshells and create rogue users on exposed appliances. The weakness affects ArrayOS AG 9.4.5.8 and earlier and has a fix in Array OS 9.4.5.9. If upgrading is not possible, defenders can disable DesktopDirect or filter URLs containing a semicolon.
Related Happenings
Array Networks AG Series secure access gateways command injection flaw (actively exploited)
Vulnerability
First: 05.12.2025 07:40
Last: 05.12.2025 07:40
Sources 1
About this happening:
**Array Networks AG Series secure access gateways** are facing an **actively exploited command injection flaw** in **DesktopDirect** that can enable **arbitrary command execution*...
Array AG Series VPN exploitation wave targeting Japan
Exploitation Wave
First: 05.12.2025 01:05
Last: 05.12.2025 01:05
Sources 1
How related:
An advisory from Japan's Computer Emergency and Response Team (CERT) warns that hackers have been exploiting the vulnerability since at least August in attacks targeting organizations in the country.
About this happening:
**Array AG Series VPN devices** are seeing **active exploitation** against **organizations in Japan**, with abuse observed **since at least August**. Attackers are using a **comma...
Timeline
- 05.12.2025 01:05 · 2 articles · 5mo ago
JPCERT warns about actively exploited ArrayOS AG command injection flaw
Initial Disclosure
JPCERT/CC warned that hackers have been exploiting a command injection vulnerability in ArrayOS AG VPN devices targeting organizations in Japan since at least August, with confirmed incidents attempting to place a PHP webshell file in /ca/aproxy/webapp/ and activity tied to 194.233.100[.]138. Array Networks said it fixed the flaw in a May security update, and Array OS version 9.4.5.9 addresses the problem; if updating is not possible, DesktopDirect can be disabled or URLs containing a semicolon can be blocked.
Sources:
- Hackers are exploiting ArrayOS AG VPN flaw to plant webshells — www.bleepingcomputer.com — 05.12.2025 01:05
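An added example (not code from JPCERT/CC, Array Networks or the cited article) that reviews access-log lines for the three indicators named in the timeline entry: a semicolon in the URL, a reference to /ca/aproxy/webapp/, and the source address 194.233.100[.]138. It assumes common-log-format lines; the sample lines, their placeholder paths and the `triage` helper are constructed for illustration, and the repeated percent-decoding goes beyond the page's plain semicolon filter.

```python
import re
from urllib.parse import unquote

# Indicators stated on the page; the IP is refanged only for matching.
IOC_IP = "194.233.100[.]138".replace("[.]", ".")
WEBSHELL_DIR = "/ca/aproxy/webapp/"

# Assumption: common log format; the appliance's real log layout may differ.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges, placeholder paths).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2025:00:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:00:00:02 +0000] "GET /placeholder?name=a%3Bb HTTP/1.1" 200 64',
    '198.51.100.7 - - [01/Jan/2025:00:00:03 +0000] "GET /placeholder?name=a%253Bb HTTP/1.1" 200 64',
    '198.51.100.8 - - [01/Jan/2025:00:00:04 +0000] "GET /ca/aproxy/webapp/constructed.php HTTP/1.1" 404 0',
    IOC_IP + ' - - [01/Jan/2025:00:00:05 +0000] "GET / HTTP/1.1" 200 10',
]

def decode_fully(target, rounds=3):
    """Percent-decode repeatedly so %3B and %253B both surface as ';'."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def triage(line):
    """Return the reasons a log line deserves review (empty list if none)."""
    m = LINE_RE.match(line)
    if not m:
        return ["unparsed"]  # keep unparsed lines visible rather than dropping them
    reasons = []
    target = decode_fully(m["target"])
    if ";" in target:
        reasons.append("semicolon-in-url")
    if WEBSHELL_DIR in target:
        reasons.append("webshell-dir-reference")
    if m["ip"] == IOC_IP:
        reasons.append("ioc-source-ip")
    return reasons

if __name__ == "__main__":
    for line in SAMPLE:
        hits = triage(line)
        if hits:
            print(",".join(hits), "|", line)
```

A hit is a lead for review, not proof of compromise: legitimate URLs can contain semicolons, so confirm against files present under the directory and accounts on the appliance.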