Exploiting the ArrayOS AG VPN Flaw: How a Single Vulnerability Opened the Door to Persistent Attacks
A single overlooked flaw in a widely used VPN appliance can become a golden ticket for hackers, as demonstrated by the recent exploitation of Array Networks’ AG Series VPN devices. Attackers have been actively targeting a command injection vulnerability in ArrayOS AG (versions 9.4.5.8 and earlier), leveraging it to plant persistent PHP webshells and gain remote access to enterprise networks. The vulnerability, which specifically impacts devices with the DesktopDirect feature enabled, has been exploited since at least August 2025, with attacks traced to a single IP address used for both initial compromise and ongoing control (BleepingComputer).
What makes this incident especially concerning is the absence of a formal CVE identifier, complicating detection and patch management for organizations that rely on automated tools. Security advisories from JPCERT/CC and real-time scanning by researchers like Yutaka Sejiyama have revealed over 1,800 exposed devices globally, with a concentration in Asia but significant risk worldwide. The attackers’ use of classic command injection techniques—such as semicolon injection in URLs—highlights how even well-known vulnerabilities can have outsized impact when left unpatched or poorly monitored. For organizations relying on VPNs as their digital gatekeepers, this breach is a stark reminder of the evolving tactics and persistence of today’s threat actors (BleepingComputer).
How Command Injection Opened the Door: The Technical Side of the ArrayOS AG VPN Flaw
Anatomy of the Vulnerability: Command Injection in ArrayOS AG
The core of the security breach in Array Networks’ AG Series VPN devices lies in a command injection vulnerability present in ArrayOS AG versions 9.4.5.8 and earlier. This flaw specifically affects both hardware and virtual appliances that have the ‘DesktopDirect’ remote access feature enabled. Command injection vulnerabilities occur when user-supplied input is improperly sanitized, allowing attackers to execute arbitrary commands on the underlying operating system.
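To make the mechanism concrete, the following is an added illustration written for this article, not code from ArrayOS AG or Array Networks: a hypothetical diagnostic handler that takes a target host from a request. The unsafe builder concatenates the input into a shell string, and the tokenizer shows how a POSIX shell would read an input carrying a semicolon as two separate commands; the hardened builder applies an allowlist and returns an argument vector that no shell ever parses. The function names, the ping command and the sample inputs are assumptions.

```python
import re
import shlex

# Allowlist for a hostname or IPv4 literal: letters, digits, dots and hyphens only.
# Anything a shell could treat as a metacharacter (; | & $ ` space) is rejected.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def is_valid_hostname(value: str) -> bool:
    """Return True when the value matches the strict hostname allowlist."""
    return bool(HOSTNAME_RE.match(value))


def build_command_unsafe(target: str) -> str:
    """Vulnerable pattern (hypothetical): user input concatenated into a shell string.

    If the caller later hands this to a shell (os.system, subprocess with
    shell=True), every shell metacharacter in `target` is interpreted.
    """
    return f"ping -c 1 {target}"


def build_command_safe(target: str) -> list[str]:
    """Hardened pattern: validate against the allowlist, then return an argument
    vector. Passed to subprocess.run(argv) without shell=True, the target is a
    single literal argument and no shell parses it."""
    if not is_valid_hostname(target):
        raise ValueError(f"rejected target: {target!r}")
    return ["ping", "-c", "1", target]


def shell_command_count(command: str) -> int:
    """Tokenize a command string the way a POSIX shell would and count how many
    separate commands it contains. ';' '|' '&' '&&' '||' each start a new one."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    tokens = list(lexer)
    separators = sum(1 for t in tokens if t in (";", "|", "&", "&&", "||"))
    return separators + 1


if __name__ == "__main__":
    # Constructed sample inputs: a benign target and one carrying a semicolon-appended command.
    for target in ("10.0.0.1", "10.0.0.1; echo injected"):
        unsafe = build_command_unsafe(target)
        print(f"{target!r:28} -> unsafe string runs {shell_command_count(unsafe)} command(s)")
        try:
            print(f"{'':28}    safe argv: {build_command_safe(target)}")
        except ValueError as err:
            print(f"{'':28}    safe builder: {err}")
```

The point of the argv form is not that it filters semicolons but that the semicolon never reaches a shell at all; the allowlist is the second layer, so that an unexpected value is rejected before any process is spawned.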
In the case of ArrayOS AG, attackers exploited this flaw by sending specially crafted requests containing malicious commands. These commands were executed with the privileges of the web server process, providing attackers with a foothold on the device. According to BleepingComputer’s report, the vulnerability has been actively exploited since at least August 2025, with the earliest attacks traced back to an IP address (194.233.100[.]138) used for both exploitation and subsequent communications.
The vulnerability was addressed in ArrayOS AG version 9.4.5.9, but the lack of a formal identifier (such as a CVE) has complicated tracking and patch management efforts. The absence of a CVE also means that many automated vulnerability management tools may not detect the flaw, leaving organizations exposed if they rely solely on such systems for patching.
Exploitation Pathways: From Entry Point to Webshell Deployment
Attackers leveraged the command injection flaw to execute system-level commands, with the primary goal of planting PHP-based webshells on the device. The bulletin from the Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) confirmed that malicious commands attempted to place a PHP webshell in the path /ca/aproxy/webapp/. This webshell provided persistent, remote access to the compromised device, allowing attackers to perform further malicious actions such as creating rogue users, exfiltrating data, or pivoting deeper into the network.
The exploitation process typically followed these steps:
- Discovery: Attackers scanned the internet for exposed ArrayOS AG devices, particularly those with the DesktopDirect feature enabled.
- Injection: Malicious HTTP requests containing command injection payloads were sent to vulnerable endpoints.
- Execution: The device executed the injected commands, resulting in the creation of a PHP webshell in a web-accessible directory.
- Persistence: Attackers used the webshell to maintain access, escalate privileges, and create unauthorized user accounts.
- Lateral Movement: With a foothold established, attackers could attempt to move laterally within the victim’s network, targeting other systems and resources.
This exploitation chain demonstrates the critical risk posed by command injection vulnerabilities in network perimeter devices, especially those providing remote access functionality.
Technical Indicators and Attack Patterns
The ongoing attacks against ArrayOS AG VPN appliances exhibit several technical indicators and consistent attack patterns. JPCERT/CC’s advisory highlighted that the majority of observed attacks originated from the IP address 194.233.100[.]138. This IP was not only used for the initial exploitation but also for command and control communications post-compromise.
One notable attack vector involved the use of semicolons in URLs, a common technique in command injection exploits. By injecting a semicolon (;), attackers could terminate legitimate commands and append their own malicious instructions. As a mitigation, JPCERT/CC recommended that organizations implement URL filtering to block access to URLs containing semicolons if they could not immediately update their devices.
The attacks were highly targeted, with a concentration on organizations in Japan. However, scans conducted by security researcher Yutaka Sejiyama revealed that there are at least 1,831 ArrayAG instances exposed globally, with the highest numbers in China, Japan, and the United States. Of these, at least 11 hosts were confirmed to have the DesktopDirect feature enabled, though the true number is likely higher due to incomplete scan coverage (BleepingComputer).
Device Exposure and Attack Surface Analysis
The attack surface for this vulnerability is defined by the number of publicly accessible ArrayOS AG VPN appliances with DesktopDirect enabled. The product line is primarily used by large organizations and enterprises to facilitate secure remote access to internal networks, applications, and cloud resources. This makes the appliances attractive targets for threat actors seeking to compromise high-value networks.
Security researcher Yutaka Sejiyama’s scans identified 1,831 exposed instances worldwide, but the actual number of vulnerable devices may be significantly higher due to factors such as dynamic IP allocation, devices behind NAT, and incomplete internet-wide scanning. The concentration of users in Asia, particularly Japan, has led to a regional focus in both attacks and defensive advisories. This geographic clustering may have contributed to a slower response from security vendors and organizations outside of Asia, as noted by Sejiyama in his communication with BleepingComputer.
The DesktopDirect feature, which enables remote desktop access via the VPN gateway, expands the attack surface by exposing additional web application functionality. JPCERT/CC strongly recommends disabling all DesktopDirect services wherever the feature is not in use, to reduce risk.
Mitigation Challenges and Patch Management Issues
The response to the ArrayOS AG command injection vulnerability has been hampered by several factors:
- Lack of CVE Assignment: The vulnerability has not been assigned a CVE identifier, complicating tracking and integration into vulnerability management workflows. Many organizations rely on CVE feeds to prioritize and deploy patches, and the absence of a CVE can result in delayed remediation.
- Patch Availability and Adoption: Although Array Networks released a fix in version 9.4.5.9, not all organizations have applied the update. Reasons include lack of awareness, operational constraints, and the aforementioned tracking issues.
- Workarounds: For organizations unable to immediately update, JPCERT/CC provided interim mitigations, such as disabling DesktopDirect and filtering URLs with semicolons. However, these are not comprehensive solutions and may not address all exploitation vectors.
- Limited Global Awareness: The concentration of attacks in Japan and Asia has resulted in less attention from global security vendors and organizations, potentially leaving non-Asian users exposed due to a lack of targeted advisories and guidance.
These challenges underscore the importance of robust vulnerability disclosure practices, timely patch deployment, and layered defenses to mitigate the risk of exploitation in critical network infrastructure.
Post-Exploitation Activities and Persistence Mechanisms
Once attackers successfully exploited the command injection vulnerability and deployed a webshell, they gained persistent remote access to the compromised device. The webshell allowed for arbitrary command execution, file upload/download, and user account manipulation. In several confirmed incidents, attackers created rogue user accounts, further entrenching their presence and complicating remediation efforts.
The placement of the webshell in the /ca/aproxy/webapp/ directory ensured that it was accessible over the web, enabling attackers to interact with the device from anywhere. This persistence mechanism is particularly concerning in VPN appliances, as they often serve as gateways to sensitive internal resources.
Attackers could also use the compromised device as a launchpad for additional attacks, such as credential harvesting, lateral movement, and data exfiltration. The presence of a webshell on a VPN gateway significantly increases the risk of broader network compromise, as these devices typically have elevated privileges and trusted network positioning.
Detection and Forensic Considerations
Detecting exploitation of the ArrayOS AG command injection vulnerability requires careful monitoring of device logs, network traffic, and filesystem changes. Key indicators of compromise include:
- Unusual HTTP requests containing semicolons or suspicious parameters.
- Unauthorized files (e.g., PHP webshells) appearing in web-accessible directories.
- Unexpected user accounts or changes to authentication configurations.
- Outbound connections to known attacker-controlled IP addresses, such as 194.233.100[.]138.
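The indicators above can be checked mechanically. The script below is an added example written for this article, not tooling from JPCERT/CC or Array Networks: it parses combined-format access log lines, flags requests from the reported IP, requests whose URL contains a semicolon after percent-decoding (so that %3B and double-encoded variants are caught, a gap in any filter that only looks for a literal ';', including the semicolon URL-filtering workaround described earlier), and requests for PHP files under /ca/aproxy/webapp/. The log format, the sample lines, and the file name x.php are constructed; ArrayOS AG's real log layout is not described on the page.

```python
import re
from urllib.parse import unquote

# Indicator reported by JPCERT/CC via BleepingComputer (defanged as 194.233.100[.]138 in the article).
ATTACKER_IP = "194.233.100.138"
# Directory in which the advisory says the PHP webshell was placed.
WEBSHELL_DIR = "/ca/aproxy/webapp/"

# Combined/common access-log layout (assumption: the appliance's own log format is not on the page).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) (?P<proto>[^"]+)" (?P<status>\d{3})'
)

# Constructed sample log lines; the request paths and the file name x.php are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Dec/2025:10:15:01 +0900] "GET /login HTTP/1.1" 200 1532 "-" "Mozilla/5.0"',
    '194.233.100.138 - - [02/Dec/2025:10:16:44 +0900] "GET /app/endpoint%3Bls HTTP/1.1" 200 87 "-" "curl/8.0"',
    '198.51.100.22 - - [02/Dec/2025:10:20:03 +0900] "POST /ca/aproxy/webapp/x.php HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '203.0.113.9 - - [02/Dec/2025:10:21:19 +0900] "GET /docs/page;jsessionid=abc123 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    "not an access log line at all",
]


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so %3B and %253B both surface as ';'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def url_has_semicolon(url: str) -> bool:
    """True when the decoded URL (path or query) contains a semicolon."""
    return ";" in fully_decode(url)


def parse_access_line(line: str):
    """Return the named fields of one access-log line, or None if it does not parse."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else None


def classify(entry: dict) -> list[str]:
    """Map one parsed request to the indicator names it triggers (possibly none)."""
    reasons = []
    if entry["ip"] == ATTACKER_IP:
        reasons.append("known_attacker_ip")
    if url_has_semicolon(entry["url"]):
        reasons.append("semicolon_in_url")
    path = fully_decode(entry["url"]).split("?", 1)[0]
    if path.startswith(WEBSHELL_DIR) and path.lower().endswith(".php"):
        reasons.append("php_under_webshell_dir")
    return reasons


def scan_log(lines) -> list[dict]:
    """Scan log lines and return one finding per request that triggers an indicator."""
    findings = []
    for line in lines:
        entry = parse_access_line(line)
        if entry is None:
            continue  # unparseable line; a production scanner would count these
        reasons = classify(entry)
        if reasons:
            findings.append({
                "ip": entry["ip"],
                "url": entry["url"],
                "status": entry["status"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['ip']:16} {finding['url']:40} {', '.join(finding['reasons'])}")
```

The fourth sample line is deliberately a legitimate use of a semicolon (a `;jsessionid=` path parameter) and is flagged anyway. That is the trade-off in the semicolon-filtering workaround: a blanket block or alert on ';' needs tuning for applications that rely on path parameters, which is one reason the interim mitigation is no substitute for the 9.4.5.9 update.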
Forensic analysis should focus on identifying the initial exploitation vector, mapping attacker activity post-compromise, and determining the scope of lateral movement. Given the stealthy nature of webshells and the potential for privilege escalation, incident responders should assume that attackers may have accessed sensitive data or established additional backdoors.
Lessons Learned: The Broader Impact of Perimeter Device Vulnerabilities
The exploitation of the command injection flaw in ArrayOS AG VPN appliances highlights several broader lessons for organizations:
- Perimeter devices are high-value targets: VPN gateways and remote access solutions are frequent targets for attackers due to their privileged network position and exposure to the internet.
- Prompt patching is critical: Delays in applying security updates, especially for perimeter devices, can result in rapid exploitation by threat actors.
- Comprehensive vulnerability management: Relying solely on automated tools and CVE feeds may leave organizations exposed to untracked vulnerabilities. Manual review of vendor advisories and threat intelligence is essential.
- Layered defenses and monitoring: Implementing defense-in-depth, including network segmentation, access controls, and robust monitoring, can limit the impact of device compromise.
The technical details of the ArrayOS AG command injection vulnerability and its exploitation underscore the need for vigilance, rapid response, and proactive security measures in protecting critical remote access infrastructure.
This report section is based on the latest available information as of December 4, 2025. For ongoing updates and advisories, refer to BleepingComputer and JPCERT/CC advisories.
Final Thoughts
The ArrayOS AG VPN incident underscores a hard truth: perimeter devices are prime targets, and even a single overlooked vulnerability can open the floodgates to persistent, damaging attacks. The lack of a CVE for this flaw left many organizations flying blind, while the rapid deployment of webshells by attackers demonstrated just how quickly threat actors can capitalize on security gaps. As remote access technologies and IoT devices proliferate, the stakes for timely patching and layered defenses have never been higher.
This case also highlights the importance of global threat intelligence sharing and the need for organizations to look beyond automated tools—manual review of vendor advisories and proactive monitoring are essential. For defenders, the lessons are clear: prioritize patching for internet-facing devices, monitor for unusual activity, and be ready to respond quickly when new vulnerabilities emerge. The evolving landscape of cyber threats demands vigilance, agility, and a willingness to learn from incidents like this one (BleepingComputer).
References
- Cimpanu, C. (2025, December 4). Hackers are exploiting ArrayOS AG VPN flaw to plant webshells. BleepingComputer. https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-arrayos-ag-vpn-flaw-to-plant-webshells/