{"cve_id":"CVE-2025-66644","summary":"Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.","cvss":7.2,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":7.2,"epss":0.0306,"ranking_epss":0.86661,"kev":true,"propose_action":"Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands.","ransomware_campaign":"Unknown","references":["https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-arrayos-ag-vpn-flaw-to-plant-webshells/","https://www.jpcert.or.jp/at/2025/at250024.html","https://x.com/ArraySupport/status/1921373397533032590","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-66644"],"published_time":"2025-12-05T19:15:53","cpes":["cpe:2.3:h:arraynetworks:ag1000:-","cpe:2.3:h:arraynetworks:ag1000t:-","cpe:2.3:h:arraynetworks:ag1000v5:-","cpe:2.3:h:arraynetworks:ag1100:-","cpe:2.3:h:arraynetworks:ag1100v5:-","cpe:2.3:h:arraynetworks:ag1150:-","cpe:2.3:h:arraynetworks:ag1200:-","cpe:2.3:h:arraynetworks:ag1200v5:-","cpe:2.3:h:arraynetworks:ag1500:-","cpe:2.3:h:arraynetworks:ag1500fips:-","cpe:2.3:h:arraynetworks:ag1500v5:-","cpe:2.3:h:arraynetworks:ag1600:-","cpe:2.3:h:arraynetworks:ag1600v5:-","cpe:2.3:h:arraynetworks:vxag:-","cpe:2.3:o:arraynetworks:arrayos_ag:-","cpe:2.3:o:arraynetworks:arrayos_ag:9.4.0.469","cpe:2.3:o:arraynetworks:arrayos_ag:9.4.0.470","cpe:2.3:o:arraynetworks:arrayos_ag:9.4.0.481","cpe:2.3:o:arraynetworks:arrayos_ag:9.4.0.495","cpe:2.3:o:arraynetworks:arrayos_ag:9.4.0.499"]}