In April 2023, the Sonar Research team discovered two critical vulnerabilities (CVE-2023-30575 and CVE-2023-30576) in Apache Guacamole, a popular remote desktop gateway. These vulnerabilities allowed low-privileged users to gain remote code execution on the Guacamole server by attacking the external web interface. Attackers could leverage this access to spy on every connection, harvest sensitive credentials, and pivot to an organization's internal network. Thanks to our report, the Guacamole maintainers fixed the vulnerabilities in May 2023 with version 1.5.2, and there were no signs of in-the-wild exploitation.