Array Networks CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited Array Networks CVE published 2025-12-08

CVE-2025-66644

CVE-2025-66644 is a command injection vulnerability affecting Array Networks ArrayOS AG and is listed in CISA’s Known Exploited Vulnerabilities catalog. That KEV designation means CISA has determined the issue has been exploited in the wild. The supplied corpus does not include a CVSS score or deeper technical detail, so the safest reading is that this is a high-priority exposure for any organization runn [truncated]

Known exploited Array Networks CVE published 2024-11-25

CVE-2023-28461

CVE-2023-28461 is a high-priority issue for organizations using Array Networks AG/vxAG ArrayOS because CISA has added it to the Known Exploited Vulnerabilities catalog. The supplied record identifies the flaw as a missing authentication for a critical function and marks known ransomware campaign use as "Known." CISA’s remediation guidance is to apply vendor mitigations or discontinue use of the product if [truncated]