CVE-2025-66644 - PatchNow

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-12-05

Added to CISA KEV: 2025-12-08 3 DAYS BETWEEN CVE AND KEV

CRITICAL: Check for indicators of compromise - this vulnerability is actively exploited in the wild. Review logs for suspicious command execution, check for webshells, verify system integrity, and audit user accounts for unauthorized access
Immediately update ArrayOS AG to version 9.4.5.9 or later
Monitor VPN access logs for anomalous authentication patterns and command execution
Implement network segmentation to limit potential lateral movement if compromised
Consider temporarily restricting VPN access to essential users only until patching is complete
HIGHEST patch priority - critical infrastructure actively under attack

Here's what is known about the CVE-2025-66644 vulnerability:

Summary:

CVE-2025-66644 affects Array Networks ArrayOS AG versions before 9.4.5.9 and involves a command injection vulnerability ^[1]^[2].
It has been exploited in the wild between August and December 2025 ^[1]^[2].

Specifics:

Affected Applications/Services: Array Networks ArrayOS AG. The vulnerability potentially affects internet-facing applications or services due to the nature of command injection vulnerabilities in network appliances ^[1].
Exploitation: There is evidence of active exploitation in the wild between August and December 2025 ^[1]^[2].
Attack Vectors/Exploitation Methods: The vulnerability is a command injection, meaning an attacker can inject arbitrary commands into the system ^[1].
Targeted Attacks: While it's confirmed that the vulnerability has been actively exploited, there is no specific information available confirming if these exploits were used in targeted attacks.
CISA Known Exploited Vulnerabilities Status: A CISA bulletin mentions CVE-2025-66644 ^[3].
Internet Exploitability: The command injection vulnerability in ArrayOS AG suggests it is internet exploitable, especially if the affected devices are exposed to the internet ^[1].

Caveats:

The information available is limited, but it does confirm active exploitation of a command injection vulnerability in Array Networks ArrayOS AG.

CVE-2025-66644 Security Vulnerability & Exploit Details
CVE-2025-66644: Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.
CVE-2025-66577 Security Vulnerability & Exploit Details
CVE-2025-66577 Vulnerability Analysis & Exploit Details.Join the top cybersecurity professionals safeguarding today's infrastructures. Other 5 Recently Published CVEs Vulnerabilities. CVE-2025-66644 – Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in Augu…
Vulnerability Summary for the Week of December 1, 2025
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability ... CVE-2025-66644 · https://www.jpcert.or.jp/at/2025/ ...

🔴 CVE-2025-66644