Vulnerability Details CVE-2025-66644
Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.032
EPSS Ranking 87.0%
CVSS Severity
CVSS v3 Score 7.2
Proposed Action
Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands.
Ransomware Campaign
Unknown
References
Products affected by CVE-2025-66644
-
cpe:2.3:h:arraynetworks:ag1000:-
-
cpe:2.3:h:arraynetworks:ag1000t:-
-
cpe:2.3:h:arraynetworks:ag1000v5:-
-
cpe:2.3:h:arraynetworks:ag1100:-
-
cpe:2.3:h:arraynetworks:ag1100v5:-
-
cpe:2.3:h:arraynetworks:ag1150:-
-
cpe:2.3:h:arraynetworks:ag1200:-
-
cpe:2.3:h:arraynetworks:ag1200v5:-
-
cpe:2.3:h:arraynetworks:ag1500:-
-
cpe:2.3:h:arraynetworks:ag1500fips:-
-
cpe:2.3:h:arraynetworks:ag1500v5:-
-
cpe:2.3:h:arraynetworks:ag1600:-
-
cpe:2.3:h:arraynetworks:ag1600v5:-
-
cpe:2.3:h:arraynetworks:vxag:-
-
cpe:2.3:o:arraynetworks:arrayos_ag:-
-
cpe:2.3:o:arraynetworks:arrayos_ag:9.4.0.469
-
cpe:2.3:o:arraynetworks:arrayos_ag:9.4.0.470
-
cpe:2.3:o:arraynetworks:arrayos_ag:9.4.0.481
-
cpe:2.3:o:arraynetworks:arrayos_ag:9.4.0.495
-
cpe:2.3:o:arraynetworks:arrayos_ag:9.4.0.499