AI description
CVE-2025-66644 is an OS command injection vulnerability affecting Array Networks ArrayOS AG versions before 9.4.5.9. It allows an attacker to execute arbitrary commands. This vulnerability has been actively exploited in the wild since August 2025. Japan's CERT has warned that hackers are using this flaw to drop persistent backdoors onto vulnerable systems. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog.
- Description
- Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- arrayos_ag
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- cve@mitre.org
- CWE-78
- Hype score
- Not currently trending
IPAのArray Networks製Array AGシリーズにおけるコマンドインジェクションの脆弱性について(※CVE-2025-66644になった)のページをリロードしたら、悪性IPリストが減っててビックリしたw https://t.co/medvT0M9Jj https://t.co/G1
@seen8th
9 Dec 2025
167 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2025-66644: Array Networks ArrayOS AG OS Command Injection Vulnerability Search by vul.cve Filter👉vul.cve="CVE-2025-66644" ZoomEye Dork👉app="Array Networks ArrayOS" 19.9k+ exposed instances. ZoomEye Link: https://t.co/PeacwBOfxc Refer: 1. https://t.co/CTHVLZw
@zoomeye_team
9 Dec 2025
1952 Impressions
5 Retweets
25 Likes
4 Bookmarks
0 Replies
0 Quotes
CVE-2025-66644 Array Networks Array AGシリーズにおけるコマンドインジェクションの脆弱性に関する注意喚起 https://t.co/zRNxMa55nf Array Networks製Array AGシリーズにおけるコマンドインジェクションの脆弱性について https://t
@taku888infinity
9 Dec 2025
789 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
🛡️We added D-Link routers and Array Networks vulnerabilities CVE-2022-37055 & CVE-2025-66644 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/
@CISACyber
8 Dec 2025
6635 Impressions
28 Retweets
58 Likes
9 Bookmarks
3 Replies
0 Quotes
CVE-2025-66644 Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025. https://t.co/jzbtdnic5e
@CVEnew
5 Dec 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arraynetworks:arrayos_ag:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "10896125-DBC8-46DD-8F4E-C6A9A9ED7D16",
"versionEndExcluding": "9.4.5.9"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arraynetworks:ag1000:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "EBE11A77-8C2F-46CA-87BA-47624380FFC1"
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1000t:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5ED51E1F-3155-40C6-B61C-73D6A9F64987"
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1000v5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F0BC33CF-FA0B-4556-B11E-61FF9B14880A"
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1100:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "CD94C3C7-FA86-47EC-8D5C-4805CC9D7739"
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1100v5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A9C8C9AE-AF59-4E5A-93CD-A394F1A31FA0"
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1150:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5E025A9D-6B7C-42B6-95EA-0A5726A919F4"
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1200:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0771D54C-15DF-403C-8CFA-B1E7D0136F50"
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1200v5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "7C9F6B87-E3D2-419A-B086-B981EF912F80"
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1500:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D385DBD0-C4A9-4168-82C2-832E0E40F42D"
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1500fips:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "01569AB3-736D-47FE-86DD-F08ACDDCD11E"
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1500v5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "22E45185-071F-414A-AF78-4739F15A1D93"
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1600:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C6F0988E-5E75-486A-9229-956D38A51C35"
},
{
"criteria": "cpe:2.3:h:arraynetworks:ag1600v5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1D09E2CC-C1B5-40DC-AD1A-7C6AB20525DC"
},
{
"criteria": "cpe:2.3:h:arraynetworks:vxag:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "6E149796-E3D7-4FAF-AB64-8D273E701861"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]