Hackers Exploit ArrayOS AG VPN Flaw to Plant Webshells

December 5, 2025

What happened

Attackers are exploiting a command injection flaw in Array Networks’ ArrayOS AG VPN to install webshells on vulnerable devices.

Who is affected

Organizations that use ArrayOS AG VPN appliances and have not applied the most recent security update.

Why CISOs should care

The flaw is under active exploitation. Once attackers plant a webshell, they gain persistent remote access to the device. This access can be used for lateral movement, data theft, or staging further attacks. Since VPN appliances sit at the network edge, a breach can weaken core security controls.

3 practical actions

Patch all ArrayOS AG VPN appliances to the latest version.
Review logs and file systems for webshells or unusual activity.
Isolate VPN appliances from sensitive systems and enforce strict access policies.

Monique Angeli Mendoza

+ posts

Cloudflare Outage Knocks Sites Offline With 500 Errors

Predator Spyware Uses New Tricks to Bypass Device Security

Hackers Exploit ArrayOS AG VPN Flaw to Plant Webshells

Related

CISO Diaries: Carlos García Batista on Cyber Resilience in Emergency Services

Gartner Security & Risk Management Summit 2026: 12 Cybersecurity Companies to Watch

CISO Diaries: Vincent Swolfs on Offensive Security at Scale, Risk, and Turning Hacking into Executive Decision-Making

AI Security Enters A New Phase As Daylight Extends MDR Into Claude Enterprise

CISO Diaries: Elisa Romano on Security, Innovation, and the Human Side of Resilience

What happened

Who is affected

Why CISOs should care

3 practical actions

Monique Angeli Mendoza

CISO Diaries: Carlos García Batista on Cyber Resilience in Emergency Services

Gartner Security & Risk Management Summit 2026: 12 Cybersecurity Companies to Watch

Hackers Exploit ArrayOS AG VPN Flaw to Plant Webshells

Related

What happened

Who is affected

Why CISOs should care

3 practical actions

Subscribe to our stories