NVD disclosure day

Published threat advisories for December 5, 2025

CVE-2025-34291

Langflow account takeover and code execution vulnerability affects customer data and systems.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical flaw in Langflow lets attackers steal user sessions and run malicious code, potentially compromising your systems and data by exploiting a web configuration weakness.

NVD published: December 5, 2025 • CISA KEV

CVE advisoryKnown Exploit

CVE-2025-66644

ArrayOS Command Injection Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

Array Networks ArrayOS AG, used in secure access gateways, has a command injection vulnerability. This flaw allows attackers to execute arbitrary commands, potentially leading to unauthorized access and data compromise. Organizations using affected versions face significant business risk due to the potential for system

NVD published: December 5, 2025 • CISA KEV