{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-16T13:40:06.169","vulnerabilities":[{"cve":{"id":"CVE-2025-66644","sourceIdentifier":"cve@mitre.org","published":"2025-12-05T19:15:53.293","lastModified":"2025-12-10T02:00:02.557","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025."},{"lang":"es","value":"Array Networks ArrayOS AG anterior a 9.4.5.9 permite la inyección de comandos, tal como fue explotado en el mundo real entre agosto y diciembre de 2025."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"cisaExploitAdd":"2025-12-08","cisaActionDue":"2025-12-29","cisaRequiredAction":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Array Networks ArrayOS AG OS Command Injection Vulnerability","weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:arraynetworks:arrayos_ag:*:*:*:*:*:*:*:*","versionEndExcluding":"9.4.5.9","matchCriteriaId":"10896125-DBC8-46DD-8F4E-C6A9A9ED7D16"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:arraynetworks:ag1000:-:*:*:*:*:*:*:*","matchCriteriaId":"EBE11A77-8C2F-46CA-87BA-47624380FFC1"},{"vulnerable":false,"criteria":"cpe:2.3:h:arraynetworks:ag1000t:-:*:*:*:*:*:*:*","matchCriteriaId":"5ED51E1F-3155-40C6-B61C-73D6A9F64987"},{"vulnerable":false,"criteria":"cpe:2.3:h:arraynetworks:ag1000v5:-:*:*:*:*:*:*:*","matchCriteriaId":"F0BC33CF-FA0B-4556-B11E-61FF9B14880A"},{"vulnerable":false,"criteria":"cpe:2.3:h:arraynetworks:ag1100:-:*:*:*:*:*:*:*","matchCriteriaId":"CD94C3C7-FA86-47EC-8D5C-4805CC9D7739"},{"vulnerable":false,"criteria":"cpe:2.3:h:arraynetworks:ag1100v5:-:*:*:*:*:*:*:*","matchCriteriaId":"A9C8C9AE-AF59-4E5A-93CD-A394F1A31FA0"},{"vulnerable":false,"criteria":"cpe:2.3:h:arraynetworks:ag1150:-:*:*:*:*:*:*:*","matchCriteriaId":"5E025A9D-6B7C-42B6-95EA-0A5726A919F4"},{"vulnerable":false,"criteria":"cpe:2.3:h:arraynetworks:ag1200:-:*:*:*:*:*:*:*","matchCriteriaId":"0771D54C-15DF-403C-8CFA-B1E7D0136F50"},{"vulnerable":false,"criteria":"cpe:2.3:h:arraynetworks:ag1200v5:-:*:*:*:*:*:*:*","matchCriteriaId":"7C9F6B87-E3D2-419A-B086-B981EF912F80"},{"vulnerable":false,"criteria":"cpe:2.3:h:arraynetworks:ag1500:-:*:*:*:*:*:*:*","matchCriteriaId":"D385DBD0-C4A9-4168-82C2-832E0E40F42D"},{"vulnerable":false,"criteria":"cpe:2.3:h:arraynetworks:ag1500fips:-:*:*:*:*:*:*:*","matchCriteriaId":"01569AB3-736D-47FE-86DD-F08ACDDCD11E"},{"vulnerable":false,"criteria":"cpe:2.3:h:arraynetworks:ag1500v5:-:*:*:*:*:*:*:*","matchCriteriaId":"22E45185-071F-414A-AF78-4739F15A1D93"},{"vulnerable":false,"criteria":"cpe:2.3:h:arraynetworks:ag1600:-:*:*:*:*:*:*:*","matchCriteriaId":"C6F0988E-5E75-486A-9229-956D38A51C35"},{"vulnerable":false,"criteria":"cpe:2.3:h:arraynetworks:ag1600v5:-:*:*:*:*:*:*:*","matchCriteriaId":"1D09E2CC-C1B5-40DC-AD1A-7C6AB20525DC"},{"vulnerable":false,"criteria":"cpe:2.3:h:arraynetworks:vxag:-:*:*:*:*:*:*:*","matchCriteriaId":"6E149796-E3D7-4FAF-AB64-8D273E701861"}]}]}],"references":[{"url":"https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-arrayos-ag-vpn-flaw-to-plant-webshells/","source":"cve@mitre.org","tags":["Press/Media Coverage"]},{"url":"https://www.jpcert.or.jp/at/2025/at250024.html","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://x.com/ArraySupport/status/1921373397533032590","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-66644","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}