What is CVE-2014-125121?

CVE-2014-125121 is a vulnerability in Array Networks Vapv, classified under Use of Hard-coded Credentials. Published 2025-07-31.

Is CVE-2014-125121 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Array Networks Vapv

CVE-2014-125121

Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials (or SSH private key) and insecure permissions on a star…

EPSS: 0.649 (98.5th percentile) — read the EPSS interpretation.

Affected products

Array Networks Vapv — versions 8.3.2.17
Array Networks Vxag — versions 9.2.0.34

Weakness classification (CWE)

Public proof-of-concept exploits

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/u… (exploit)
packetstorm.news/files/id/125761 (exploit)
www.exploit-db.com/exploits/32440 (exploit)
www.vulncheck.com/advisories/array-networks-vapv-vxag-default-credential-privil… (third-party-advisory)

Frequently asked questions

What is CVE-2014-125121?: CVE-2014-125121 is a vulnerability in Array Networks Vapv, classified under Use of Hard-coded Credentials. Published 2025-07-31.
Is CVE-2014-125121 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.