CVE-2025-66644

HIGH KEV

Array Networks ArrayOS AG <9.4.5.9 - Command Injection

Title source: llm

Description

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.

References (4)

Scores

CVSS v3 7.2
EPSS 0.0320
EPSS Percentile 87.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2025-12-08
VulnCheck KEV 2025-12-05
ENISA EUVD EUVD-2025-201500
CWE
CWE-78
Status published
Products (1)
arraynetworks/arrayos_ag < 9.4.5.9
Published Dec 05, 2025
KEV Added Dec 08, 2025
Tracked Since Feb 18, 2026