How to fix CVE-2025-66644?

Within 24 hours: Inventory all Array Networks ArrayOS AG installations and identify systems running versions before 9.4.5.9; implement network segmentation to restrict access to affected devices. Within 7 days: Deploy WAF rules to block suspicious command injection patterns; enable enhanced logging and monitoring for command execution attempts; establish daily vulnerability scanning. Within 30 days: Contact Array Networks for upgrade guidance and timeline; develop and test migration or remediation plan; execute patching as soon as vendor releases updates.

Is Command Injection affected by CVE-2025-66644?

Array Networks ArrayOS AG systems are vulnerable to remote command injection attacks that are currently being exploited by threat actors in the wild.

CVE-2025-66644

EUVD-2025-201500 HIGH

2025-12-05 [email protected]

7.2

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 17:08 euvd

EUVD-2025-201500

Analysis Generated

Mar 15, 2026 - 17:08 vuln.today

Added to CISA KEV

Dec 10, 2025 - 02:00 cisa

CISA KEV

CVE Published

Dec 05, 2025 - 19:15 nvd

HIGH 7.2

Description

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.

Analysis

Array Networks ArrayOS AG before 9.4.5.9 contains an OS command injection vulnerability (CVE-2025-66644, CVSS 7.2) that has been actively exploited in the wild from August through December 2025. KEV-listed, this vulnerability in the VPN/SSL-VPN appliance enables authenticated attackers to execute arbitrary commands on the network edge device.

Technical Context

Array Networks AG is an SSL VPN appliance deployed at network perimeters. The command injection vulnerability allows authenticated users to inject OS commands through the appliance's management or VPN interface. The extended exploitation period (August-December 2025) suggests this was used as a zero-day by advanced threat actors, likely for initial access into corporate networks through the VPN edge device.

Affected Products

['Array Networks ArrayOS AG before 9.4.5.9']

Remediation

Upgrade ArrayOS AG to 9.4.5.9+ immediately. Assume compromise if running vulnerable version during Aug-Dec 2025. Conduct incident response investigation. Reset all VPN user credentials. Review internal network for lateral movement indicators. Check for persistent backdoors on the appliance.

Priority Score

Low Medium High Critical

KEV: +50

EPSS: +3.1

CVSS: +36

POC: 0

CVE-2025-66644 vulnerability details – vuln.today

Back

CVE-2025-66644

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

CVE-2025-66644

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Share

External POC / Exploit Code