JPCERT Confirms Active Command Injection Attacks on Array AG Gateways
JPCERT has confirmed active command injection attacks targeting Array Networks AG Series secure access gateways. These attacks have been ongoing since August 2025, as revealed in a recent alert issued by JPCERT/CC. The vulnerability exploited in these attacks affects Array Networks’ AG Series gateways, which are widely used for secure remote access.
This security flaw is linked to Array’s DesktopDirect, a remote desktop access solution designed to allow users to securely connect to their systems. The vulnerability enables attackers to inject malicious commands, potentially compromising the affected systems. Although this vulnerability does not have an official CVE identifier, it poses a significant risk to organizations using these gateways.
Details of the Vulnerability and Response
Array Networks addressed the vulnerability on May 11, 2025, by releasing a patch to fix the issue. Despite this, attackers have been exploiting the flaw in the wild since August 2025, several months after the patch was made available. This indicates that many systems may remain unpatched and vulnerable to these command injection attacks.
The command injection vulnerability arises from the way DesktopDirect handles user input, allowing attackers to execute unauthorized commands on the gateway devices. This can lead to unauthorized access, data breaches, or further compromise of the network. Given the critical role of these gateways in secure remote access, the impact of such attacks can be severe.
Implications of the Active Command Injection Attacks
JPCERT/CC's confirmation of active command injection attacks on Array AG gateways highlights the ongoing threat to organizations relying on these devices for secure access. It serves as a warning to administrators and security teams to urgently apply the available patches and review their security measures.
The fact that these attacks have been active since August 2025 underscores the importance of timely patch management and vulnerability mitigation. Organizations using Array Networks AG Series gateways should prioritize updating their systems to prevent exploitation. Failure to do so could result in unauthorized command execution and potential compromise of sensitive data.
In summary, JPCERT has confirmed active command injection attacks on Array AG gateways, emphasizing the need for vigilance and prompt action. The vulnerability, rooted in the DesktopDirect solution, has been exploited in the wild despite the availability of a patch since May 2025. This situation highlights the ongoing challenges in securing remote access infrastructure against emerging threats.
