ГлавнаяУязвимости → CVE-2025-66644
7.2высокая

CVE-2025-66644

→ есть в БДУ: BDU:2025-16185 (на русском)
Описание (на английском; русское — в БДУ выше)

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.

Затрагиваемое ПО
Arraynetworks Arrayos agArraynetworks Ag1000Arraynetworks Ag1000tArraynetworks Ag1000v5Arraynetworks Ag1100Arraynetworks Ag1100v5Arraynetworks Ag1150Arraynetworks Ag1200Arraynetworks Ag1200v5Arraynetworks Ag1500Arraynetworks Ag1500fipsArraynetworks Ag1500v5Arraynetworks Ag1600Arraynetworks Ag1600v5Arraynetworks Vxag
CVSS
Балл7.2 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-arrayos-ag-vpn-flaw-to-plant-webshells/https://www.jpcert.or.jp/at/2025/at250024.htmlhttps://x.com/ArraySupport/status/1921373397533032590https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-66644