CVE-2025-66644
published 2025-12-05CVE-2025-66644: Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.
PriorityP188critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2025-12-29
Exploited in the wild
EPSS
3.05%
85.9th percentile
Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| array_networks | arrayos_ag | < 9.4.5.9 | 9.4.5.9 |
| arraynetworks | arrayos_ag | < 9.4.5.9 | 9.4.5.9 |
Detection & IOCsextracted from sources · hover to see the quote
- →Array Networks ArrayOS AG OS command injection vulnerability — monitor for unexpected command execution originating from the ArrayOS AG process/service ↗
- →Vulnerability confirmed exploited in the wild between August and December 2025 — treat any ArrayOS AG instance running versions before 9.4.5.9 as actively targeted ↗
- ·Vendor advisory and JPCERT advisory should be consulted for specific patch and mitigation guidance; fix is available in ArrayOS AG 9.4.5.9 and later ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck7.2HIGH
cisa9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-hqfm-g725-ccqr: Array Networks ArrayOS AG before 9
ghsa_unreviewed·2025-12-05
CVE-2025-66644 [HIGH] CWE-78 GHSA-hqfm-g725-ccqr: Array Networks ArrayOS AG before 9
Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.
VulnCheck
Array Networks ArrayOS AG OS Command Injection Vulnerability
vulncheck·2025·CVSS 7.2
CVE-2025-66644 [HIGH] CWE-78 Array Networks ArrayOS AG OS Command Injection Vulnerability
Array Networks ArrayOS AG OS Command Injection Vulnerability
Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands.
Affected: Array Networks ArrayOS AG
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://www.cve.org/CVERecord?id=CVE-2025-66644; https://www.jpcert.or.jp/at/2025/at250024.html; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.recordedfuture.com/blog/december-2025-cve-landscape; https://www.loginsoft.com/reports/annually/vulnerability-intelligence-report-2025
Remediation Due: 2025-12-29
CISA
Array Networks ArrayOS AG OS Command Injection Vulnerability
cisa·2025-12-08·CVSS 9.8
CVE-2025-66644 [CRITICAL] CWE-78 Array Networks ArrayOS AG OS Command Injection Vulnerability
Vulnerability: Array Networks ArrayOS AG OS Command Injection Vulnerability
Affected: Array Networks ArrayOS AG
Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/ag.html ; https://www.jpcert.or.jp/at/2025/at250024.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-66644
Remediation Due Date: 2025-12-29
No detection rules found.
No public exploits indexed.
2025-12-05
Published
2025-12-08
Added to CISA KEV
Exploited in the wild