CNNVD-202512-639 Information

CNNVD ID

CNNVD-202512-639

Related CVE

CVE-2025-66644

• CNNVD Published: 2025-12-05

Description (Chinese)

Array Networks ArrayOS AG是美国安瑞科技（Array Networks）公司的一个无论用户、设备或位置如何，都可以实现安全远程访问的 SSL-VPN 产品。为任何用户、任何设备、任何地点提供对企业网络、企业应用程序和云服务的可扩展和可控的远程和移动访问。 Array Networks ArrayOS AG 9.4.5.9之前版本存在操作系统命令注入漏洞，该漏洞源于命令注入，可能导致执行任意命令。

Description (English)

Array Networks ArrayOS AG is a SSL-VPN product that can be safely accessed remotely, regardless of the user, equipment or location of Array Networks. Provide extended and controlled remote and mobile access to enterprise networks, enterprise applications and cloud services for any user, any equipment, any location. Prior to the version of Array Networks ArrayOS AG 9.4.5.9, there was a loophole in the operating system command, which originated from the injection of the order and could lead to the execution of an arbitrary order.

Hazard Level

Medium

Vulnerability Type

操作系统命令注入

Affected Vendor

安瑞科技

Published

2025-12-05

Last Modified

2026-02-24

References

https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-arrayos-ag-vpn-flaw-to-plant-webshells/ https://www.jpcert.or.jp/at/2025/at250024.html https://x.com/ArraySupport/status/1921373397533032590