Vulnerability Description
Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.
CVSS Score
7.2
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Arraynetworks | Arrayos Ag | < 9.4.5.9 |
| Arraynetworks | Ag1000 | - |
| Arraynetworks | Ag1000T | - |
| Arraynetworks | Ag1000V5 | - |
| Arraynetworks | Ag1100 | - |
| Arraynetworks | Ag1100V5 | - |
| Arraynetworks | Ag1150 | - |
| Arraynetworks | Ag1200 | - |
| Arraynetworks | Ag1200V5 | - |
| Arraynetworks | Ag1500 | - |
| Arraynetworks | Ag1500Fips | - |
| Arraynetworks | Ag1500V5 | - |
| Arraynetworks | Ag1600 | - |
| Arraynetworks | Ag1600V5 | - |
| Arraynetworks | Vxag | - |
Related Weaknesses (CWE)
References
- https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-arrayos-agPress/Media Coverage
- https://www.jpcert.or.jp/at/2025/at250024.htmlThird Party Advisory
- https://x.com/ArraySupport/status/1921373397533032590Third Party Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-US Government Resource
FAQ
What is CVE-2025-66644?
CVE-2025-66644 is a vulnerability with a CVSS score of 7.2 (HIGH). Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.
How severe is CVE-2025-66644?
CVE-2025-66644 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-66644?
Check the references section above for vendor advisories and patch information. Affected products include: Arraynetworks Arrayos Ag, Arraynetworks Ag1000, Arraynetworks Ag1000T, Arraynetworks Ag1000V5, Arraynetworks Ag1100.