SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models

Might 01, 2025Ravie LakshmananVulnerability / VPN Safety

SonicWall has revealed that two now-patched safety flaws impacting its SMA100 Safe Cell Entry (SMA) home equipment have been exploited within the wild.

The vulnerabilities in query are listed under –

• CVE-2023-44221 (CVSS rating: 7.2) – Improper neutralization of particular components within the SMA100 SSL-VPN administration interface permits a distant authenticated attacker with administrative privilege to inject arbitrary instructions as a ‘no person’ person, probably resulting in OS Command Injection Vulnerability
• CVE-2024-38475 (CVSS rating: 9.8) – Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier permits an attacker to map URLs to file system areas which can be permitted to be served by the server

Each the issues have an effect on SMA 100 Sequence gadgets, together with SMA 200, 210, 400, 410, 500v, and have been addressed within the following variations –

• CVE-2023-44221 – 10.2.1.10-62sv and better variations (Mounted on December 4, 2023)
• CVE-2024-38475 – 10.2.1.14-75sv and better variations (Mounted on December 4, 2024)

In an replace to the advisories on April 29, 2025, SonicWall stated the vulnerabilities are probably being exploited within the wild, urging clients to assessment their SMA gadgets to make sure that there aren’t any unauthorized logins.

“Throughout additional evaluation, SonicWall and trusted safety companions recognized an extra exploitation approach utilizing CVE-2024-38475, by means of which unauthorized entry to sure information may allow session hijacking,” the corporate stated.

There are at the moment no particulars on how the vulnerabilities are being exploited, who might have been focused, and the scope and scale of those assaults.

The disclosures come weeks after the U.S. Cybersecurity and Infrastructure Safety Company (CISA) added one other safety flaw impacting SonicWall SMA 100 Sequence gateways (CVE-2021-20035, CVSS rating: 7.2) to its Identified Exploited Vulnerabilities (KEV) catalog, based mostly on proof of energetic exploitation.