JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

JPCERT/CC has confirmed active exploitation of a command injection vulnerability in Array Networks AG Series secure access gateways since August 2025. The vulnerability affects the DesktopDirect remote desktop access solution and was patched by Array Networks on May 11, 2025. However, the vulnerability does not have a CVE identifier assigned. The flaw allows attackers to execute arbitrary commands on vulnerable systems, making it a high-priority security concern for organizations using these gateways.