CVE-2025-66644
moderate-risk
Published 2025-12-05
Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.
Do I need to act?
~
3.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.2/10
High
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (4)
Press/Media Coverage
https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-arrayos-ag...
Third Party Advisory
https://www.jpcert.or.jp/at/2025/at250024.html
Third Party Advisory
https://x.com/ArraySupport/status/1921373397533032590
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-...
44
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
13/34 · Low
Exposure
5/34 · Minimal