Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Dec 29, 2025

CVE-2025-66644

High
EPSS 3.1%CISA KEV
Array Networks /ArrayOS AG

Description

Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands.

EPSS — Exploit Probability

3.1%

Higher than 86.5% of all CVEs

Required Action

https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/ag.html ; https://www.jpcert.or.jp/at/2025/at250024.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-66644

Risk Assessment

ELEVATED
In CISA KEV

Details

Severity
High
EPSS
3.1%
CISA KEV
Yes
Ransomware
Unknown
Articles
0

Timeline

Published

Dec 8, 2025

Added to KEV

Dec 8, 2025

Remediation Due

Dec 29, 2025

Affected Product

Array Networks

ArrayOS AG

View all Array Networks CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE