JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

A command injection vulnerability in Array Networks AG Series secure access gateways has been actively exploited since August 2025, mainly against systems with DesktopDirect enabled. The flaw, patched in May 2025, has been used in web shell attacks in Japan, with the exploitation attempts originating from a known IP address.

Key points

  • The vulnerability allows attackers to execute arbitrary commands on affected systems.
  • It impacts ArrayOS versions 9.4.5.8 and earlier, with a fix available in version 9.4.5.9.
  • For systems that cannot be patched, the recommended mitigations are disabling DesktopDirect and URL filtering.
  • Attacks have been confirmed in Japan, where the flaw has been exploited to drop web shells since August 2025.
  • There is currently no evidence linking these attacks to the China-linked MirrorFace group, despite similar exploitation by that group in the past.

Read More: https://thehackernews.com/2025/12/jpcert-confirms-active-command.html