---
title: "CISA Warns of Two Actively Exploited Vulnerabilities—Patch Now"
short_title: "CISA adds two critical exploited vulnerabilities"
description: "CISA has added CVE-2022-37055 and CVE-2025-66644 to its KEV Catalog due to active exploitation. Learn the risks and mitigation steps for these critical flaws."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [cisa, cve-2022-37055, cve-2025-66644, vulnerability-management, threat-intelligence]
score: 0.85
cve_ids: [CVE-2022-37055, CVE-2025-66644]
---
TL;DR
CISA has added two critical vulnerabilities—CVE-2022-37055 (D-Link Routers Buffer Overflow) and CVE-2025-66644 (Array Networks ArrayOS Command Injection)—to its Known Exploited Vulnerabilities (KEV) Catalog due to evidence of active exploitation. Federal agencies must patch immediately, but all organizations are urged to prioritize remediation to reduce exposure to cyberattacks.
---
Main Content
The Cybersecurity and Infrastructure Security Agency (CISA) has escalated its response to two newly identified vulnerabilities by adding them to its [Known Exploited Vulnerabilities (KEV) Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog). These vulnerabilities, which are being actively exploited in the wild, pose significant risks to federal agencies and private sector organizations alike. Timely remediation is critical to mitigating potential attacks.
Key Points
- CVE-2022-37055: A buffer overflow vulnerability in D-Link routers that could allow attackers to execute arbitrary code.
- CVE-2025-66644: An OS command injection vulnerability in Array Networks ArrayOS AG, enabling unauthorized command execution.
- Federal agencies are required to remediate these vulnerabilities by the specified due dates under Binding Operational Directive (BOD) 22-01.
- All organizations are strongly encouraged to prioritize patching these vulnerabilities to reduce their exposure to cyber threats.
---
Technical Details
#### CVE-2022-37055: D-Link Routers Buffer Overflow Vulnerability
This vulnerability affects certain D-Link router models and stems from improper input validation in the router's firmware. A buffer overflow condition can be triggered by sending specially crafted requests to the affected device, potentially allowing attackers to execute arbitrary code with elevated privileges. Exploitation of this flaw could lead to unauthorized access, network compromise, or further lateral movement within a targeted environment.
#### CVE-2025-66644: Array Networks ArrayOS AG OS Command Injection Vulnerability
This flaw exists in the ArrayOS AG platform, a widely used solution for application delivery and security. The vulnerability arises from insufficient sanitization of user-supplied input, enabling attackers to inject and execute arbitrary OS commands on the underlying system. Successful exploitation could result in full system compromise, data theft, or disruption of critical services.
---
Impact Assessment
Vulnerabilities listed in CISA’s KEV Catalog are frequently targeted by malicious cyber actors, including state-sponsored groups and cybercriminals. The inclusion of these two flaws underscores their high severity and active exploitation in real-world attacks. Organizations that fail to patch these vulnerabilities risk:
- Unauthorized access to sensitive data or systems.
- Network compromise, leading to data breaches or ransomware attacks.
- Disruption of critical services, particularly in sectors reliant on D-Link routers or Array Networks solutions.
Federal agencies are mandated to address these vulnerabilities promptly, but private sector organizations must also act swiftly to avoid becoming targets of opportunistic attacks.
---
Mitigation Steps
1. Immediate Patching:
   - Apply the latest firmware updates for D-Link routers to mitigate CVE-2022-37055.
   - Update Array Networks ArrayOS AG to the latest version to address CVE-2025-66644.
2. Network Segmentation:
   - Isolate vulnerable devices from critical network segments to limit potential damage.
3. Monitoring and Detection:
   - Deploy intrusion detection systems (IDS) and security information and event management (SIEM) tools to detect exploitation attempts.
4. Vulnerability Scanning:
   - Conduct regular vulnerability scans to identify and remediate other potential weaknesses in your infrastructure.
5. Follow CISA Guidelines:
   - Refer to CISA’s [BOD 22-01 Fact Sheet](https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf) for additional guidance on managing known exploited vulnerabilities.
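
One way to turn the KEV due dates and scan results from the steps above into a remediation queue, as an added example that is not part of the original article: it cross-references scanner findings against entries in the shape of CISA's KEV JSON feed and sorts them by deadline. The hostnames, the non-KEV CVE ID and all dates are constructed placeholders, not real catalog values.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed. Field names match
# the feed; dateAdded/dueDate are placeholders, not the real catalog dates.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2022-37055", "vendorProject": "D-Link", "product": "Routers",
   "dateAdded": "2000-01-01", "dueDate": "2000-01-22"},
  {"cveID": "CVE-2025-66644", "vendorProject": "Array Networks",
   "product": "ArrayOS AG", "dateAdded": "2000-01-01", "dueDate": "2000-01-10"}
]}
""")

# Constructed inventory: hostnames and scanner findings are hypothetical.
INVENTORY = [
    {"host": "branch-rtr-01", "open_cves": ["CVE-2022-37055"]},
    {"host": "vpn-gw-02", "open_cves": ["cve-2025-66644", "CVE-0000-00000"]},
    {"host": "file-srv-03", "open_cves": []},
]

def kev_findings(kev, inventory, today):
    """Return KEV-listed findings per host, soonest due date first."""
    by_cve = {v["cveID"].upper(): v for v in kev["vulnerabilities"]}
    findings = []
    for asset in inventory:
        for cve in asset["open_cves"]:
            entry = by_cve.get(cve.upper())  # scanners differ in ID casing
            if entry is None:
                continue  # not in KEV: leave to normal risk-based triage
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": asset["host"],
                "cve": entry["cveID"],
                "product": f'{entry["vendorProject"]} {entry["product"]}',
                "due": due,
                "days_left": (due - today).days,  # negative means overdue
            })
    return sorted(findings, key=lambda f: (f["due"], f["host"]))

if __name__ == "__main__":
    for f in kev_findings(KEV_SAMPLE, INVENTORY, date(2000, 1, 15)):
        status = "OVERDUE" if f["days_left"] < 0 else f'{f["days_left"]}d left'
        print(f'{f["host"]:15} {f["cve"]:16} {f["product"]:28} {status}')
```

In practice, replace `KEV_SAMPLE` with the JSON feed downloaded from the KEV Catalog page and `INVENTORY` with an export from your vulnerability scanner.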
---
Conclusion
The addition of CVE-2022-37055 and CVE-2025-66644 to CISA’s KEV Catalog serves as a stark reminder of the urgency of proactive vulnerability management. While federal agencies are required to act, all organizations must prioritize patching these flaws to safeguard their systems against active threats. Failure to do so could result in severe consequences, including data breaches, financial losses, and reputational damage.
Stay vigilant, monitor for updates, and ensure your systems are protected against these and other emerging threats.