This vulnerability allows command injection in Array Networks ArrayOS AG versions before 9.4.5.9. The flaw has been actively exploited in the wild from August through December 2025. With a CVSS score of 7.2, this high-severity vulnerability poses considerable risks to organizations that utilize this software.
Risk to organizations includes the potential for unauthorized command execution, which could lead to further compromise of sensitive data and resources. As this vulnerability has been confirmed to be exploited in real-world scenarios, organizations should prioritize patching immediately.
Current exploitation status indicates that there is no public exploit available, yet the vulnerability is categorized as critical due to its potential impact. Organizations running affected versions of ArrayOS AG must take swift action to secure their systems.
Given the urgency of this issue, organizations should address this vulnerability in their priority patch cycle to mitigate risks associated with potential exploitation.
Vulnerability Details
The official description states that Array Networks ArrayOS AG versions prior to 9.4.5.9 allow command injection. The vulnerability is classified under CWE-78, indicating a command injection issue. The CVSS base score for this vulnerability is 7.2, which reflects a high severity level, indicating that it poses a significant risk to affected systems.
The vulnerability affects the ArrayOS AG product from Array Networks, which is used in various network environments. It was published on December 5, 2025, indicating a relatively recent discovery.
Technical Analysis
The root cause of this vulnerability stems from inadequate input validation, allowing attackers to inject arbitrary commands through the affected software. The attack vector is network-based, which means attackers can exploit the flaw without physical access to the device.
The attack complexity is classified as low, meaning that it can be exploited easily without requiring advanced skills. The privileges required for exploitation are high, indicating that an attacker may need to have some level of access to be able to execute commands.
User interaction is not required, which further increases the risk as attackers can execute commands without any action from the end user. The vulnerability has a high impact on confidentiality, integrity, and availability, meaning that successful exploitation can lead to severe consequences for affected systems.
Risk & Impact Analysis
Real-world deployment of the affected ArrayOS AG product poses substantial risk due to the command injection vulnerability. Attackers may leverage this flaw to execute arbitrary commands, potentially leading to a full system compromise.
The blast radius of this vulnerability is significant, as organizations utilizing Array Networks products may face extensive operational disruptions and data breaches if not remediated promptly. Given the CVSS score and known exploitation in the wild, organizations must assess their exposure and prioritize remediation efforts.
Organizations should schedule remediation as soon as possible and monitor for any signs of exploitation. Following vendor guidance and implementing proper security controls is crucial in mitigating the risks associated with this vulnerability.
Exploitation Status
Signal | Status |
|---|---|
Known Exploit | No |
Public PoC | No |
Actively Exploited | Yes |
Ransomware Use | No |
Affected Versions
The vulnerability affects all versions of Array Networks ArrayOS AG prior to 9.4.5.9. Organizations should verify their systems to ensure they are not running vulnerable versions.
Mitigation & Remediation
Organizations should apply the latest patch or update provided by Array Networks to remediate this vulnerability. It is crucial to follow vendor instructions closely and apply mitigations as soon as possible.
If a patch is unavailable, organizations should consider implementing configuration hardening and network controls to limit exposure to potential attacks. Regular monitoring for anomalous behavior is also recommended.
Penetration testing can also help validate the effectiveness of the applied mitigations.
Detection Guidance
Organizations should monitor logs for unusual command executions or access patterns that may indicate exploitation attempts. Behavioral anomalies in network traffic should also be investigated.
Employing network signatures to detect potential exploitation attempts can provide an additional layer of security.
AppSecure Threat Intelligence Insight
The long-term significance of this vulnerability highlights the ongoing challenges organizations face in securing network infrastructure. The pattern of command injection vulnerabilities shows an increasing trend and emphasizes the need for robust security practices.
Security teams should take this incident as a lesson to enhance their defensive strategies by continuously updating and testing their security measures.
Organizations are encouraged to review their security posture and consider engaging in services such as red teaming to proactively identify vulnerabilities.
Additionally, organizations can benefit from a thorough understanding of the attack surface through application security assessments to identify potential weaknesses.
In conclusion, staying vigilant and proactive in addressing vulnerabilities like CVE-2025-66644 is essential for maintaining a secure environment.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
.webp)