Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
7DescriptionCVE.org
Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.
AnalysisAI
Array Networks ArrayOS AG before 9.4.5.9 contains an OS command injection vulnerability (CVE-2025-66644, CVSS 7.2) that has been actively exploited in the wild from August through December 2025. KEV-listed, this vulnerability in the VPN/SSL-VPN appliance enables authenticated attackers to execute arbitrary commands on the network edge device.
Technical ContextAI
Array Networks AG is an SSL VPN appliance deployed at network perimeters. The command injection vulnerability allows authenticated users to inject OS commands through the appliance's management or VPN interface. The extended exploitation period (August-December 2025) suggests this was used as a zero-day by advanced threat actors, likely for initial access into corporate networks through the VPN edge device.
RemediationAI
Upgrade ArrayOS AG to 9.4.5.9+ immediately. Assume compromise if running vulnerable version during Aug-Dec 2025. Conduct incident response investigation. Reset all VPN user credentials. Review internal network for lateral movement indicators. Check for persistent backdoors on the appliance.
More in Arrayos Ag
View allMotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. Rated
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. Rated critical severity (CV
Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege
Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash thro
The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb t
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-201500