A command injection vulnerability in Array Networks AG Series secure access gateways has been actively exploited since August 2025. The flaw, now tracked as CVE-2025-66644, affects the DesktopDirect remote access solution, allowing attackers to execute arbitrary commands on susceptible devices. This critical security issue was first identified and addressed by Array Networks in May 2025, as reported by The Hacker News.The vulnerability, impacting ArrayOS versions 9.4.5.8 and earlier, has been confirmed to be exploited in Japan, where attackers dropped web shells on compromised devices. The attacks originated from the IP address 194.233.100.138. While details on the scale of these attacks and the identity of the threat actors remain scarce, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added it to its Known Exploited Vulnerabilities catalog. This mandates federal agencies to apply patches by December 29, 2025. Array Networks released version 9.4.5.9 to fix the issue.The exploitation of this command injection vulnerability highlights the ongoing risks associated with remote access solutions and the importance of timely patching. CISA's inclusion of CVE-2025-66644 in its KEV catalog underscores the urgency for federal agencies to remediate the flaw, reinforcing the need for robust vulnerability management programs across all sectors. Organizations are advised to update their Array Networks devices immediately or disable the affected DesktopDirect feature if patching is not feasible.Source: The Hacker News
Network Security, Vulnerability Management, Patch/Configuration Management
Array Networks AG Series vulnerability exploited in the wild

(Adobe Stock)
An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



