Skip to main content

Arrayos Ag

6 CVEs product

Monthly

CVE-2025-66644 HIGH KEV PATCH THREAT Act Now

Array Networks ArrayOS AG before 9.4.5.9 contains an OS command injection vulnerability (CVE-2025-66644, CVSS 7.2) that has been actively exploited in the wild from August through December 2025. KEV-listed, this vulnerability in the VPN/SSL-VPN appliance enables authenticated attackers to execute arbitrary commands on the network edge device.

Command Injection Arrayos Ag
NVD
CVSS 3.1
7.2
EPSS
3.1%
CVE-2023-51707 CRITICAL Act Now

MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Arrayos Ag
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-41121 HIGH PATCH This Week

Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Arrayos Ag
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-28461 CRITICAL KEV THREAT Act Now

Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Arrayos Ag
NVD
CVSS 3.1
9.8
EPSS
67.6%
CVE-2023-24613 MEDIUM This Month

The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Arrayos Ag
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2022-42897 CRITICAL PATCH Act Now

Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Privilege Escalation Arrayos Ag
NVD
CVSS 3.1
9.8
EPSS
1.5%
EPSS 3% CVSS 7.2
HIGH KEV PATCH THREAT Act Now

Array Networks ArrayOS AG before 9.4.5.9 contains an OS command injection vulnerability (CVE-2025-66644, CVSS 7.2) that has been actively exploited in the wild from August through December 2025. KEV-listed, this vulnerability in the VPN/SSL-VPN appliance enables authenticated attackers to execute arbitrary commands on the network edge device.

Command Injection Arrayos Ag
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Arrayos Ag
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Arrayos Ag
NVD
EPSS 68% CVSS 9.8
CRITICAL KEV THREAT Act Now

Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Arrayos Ag
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +1
NVD
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Privilege Escalation Arrayos Ag
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy