CVE-2025-66644

Опубликовано: 05 дек. 2025

Источник: nvd

CVSS3: 7.2

CVSS3: 9.8

EPSS Низкий

Описание

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.

Ссылки

https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-arrayos-ag-vpn-flaw-to-plant-webshells/
Press/Media Coverage
https://www.jpcert.or.jp/at/2025/at250024.html
Third Party Advisory
https://x.com/ArraySupport/status/1921373397533032590
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-66644
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:arraynetworks:arrayos_ag:*:*:*:*:*:*:*:*

Версия до 9.4.5.9 (исключая)

Одно из

cpe:2.3:h:arraynetworks:ag1000:-:*:*:*:*:*:*:*

cpe:2.3:h:arraynetworks:ag1000t:-:*:*:*:*:*:*:*

cpe:2.3:h:arraynetworks:ag1000v5:-:*:*:*:*:*:*:*

cpe:2.3:h:arraynetworks:ag1100:-:*:*:*:*:*:*:*

cpe:2.3:h:arraynetworks:ag1100v5:-:*:*:*:*:*:*:*

cpe:2.3:h:arraynetworks:ag1150:-:*:*:*:*:*:*:*

cpe:2.3:h:arraynetworks:ag1200:-:*:*:*:*:*:*:*

cpe:2.3:h:arraynetworks:ag1200v5:-:*:*:*:*:*:*:*

cpe:2.3:h:arraynetworks:ag1500:-:*:*:*:*:*:*:*

cpe:2.3:h:arraynetworks:ag1500fips:-:*:*:*:*:*:*:*

cpe:2.3:h:arraynetworks:ag1500v5:-:*:*:*:*:*:*:*

cpe:2.3:h:arraynetworks:ag1600:-:*:*:*:*:*:*:*

cpe:2.3:h:arraynetworks:ag1600v5:-:*:*:*:*:*:*:*

cpe:2.3:h:arraynetworks:vxag:-:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03506

Низкий

7.2 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-78

Связанные уязвимости

GHSA-hqfm-g725-ccqr

CVSS3: 7.2

github

13 дней назад

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.

EPSS

Процентиль: 87%

0.03506

Низкий

7.2 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-78