Vulnerability Details CVE-2025-66644
Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.122
EPSS Ranking 93.6%
CVSS Severity
CVSS v3 Score 7.2
Proposed Action
Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands.
Ransomware Campaign
Unknown
References
Products affected by CVE-2025-66644
-
cpe:2.3:h:arraynetworks:ag1000:-
-
cpe:2.3:h:arraynetworks:ag1000t:-
-
cpe:2.3:h:arraynetworks:ag1000v5:-
-
cpe:2.3:h:arraynetworks:ag1100:-
-
cpe:2.3:h:arraynetworks:ag1100v5:-
-
cpe:2.3:h:arraynetworks:ag1150:-
-
cpe:2.3:h:arraynetworks:ag1200:-
-
cpe:2.3:h:arraynetworks:ag1200v5:-
-
cpe:2.3:h:arraynetworks:ag1500:-
-
cpe:2.3:h:arraynetworks:ag1500fips:-
-
cpe:2.3:h:arraynetworks:ag1500v5:-
-
cpe:2.3:h:arraynetworks:ag1600:-
-
cpe:2.3:h:arraynetworks:ag1600v5:-
-
cpe:2.3:h:arraynetworks:vxag:-
-
cpe:2.3:o:arraynetworks:arrayos_ag:-
-
cpe:2.3:o:arraynetworks:arrayos_ag:9.4.0.469
-
cpe:2.3:o:arraynetworks:arrayos_ag:9.4.0.470
-
cpe:2.3:o:arraynetworks:arrayos_ag:9.4.0.481
-
cpe:2.3:o:arraynetworks:arrayos_ag:9.4.0.495
-
cpe:2.3:o:arraynetworks:arrayos_ag:9.4.0.499