The vulnerabilities affect SonicWall's SMA devices for secure remote access, which have been heavily targeted by threat actors in the past.
May 6, 2025 By Kristina Beek
CISA added two older SonicWall bugs to the Known Exploited Vulnerabilities (KEV) catalog, marking the latest threat activity targeting the network security vendor's products.
The vulnerabilities are tracked as CVE-2023-44221 and CVE-2024-38475 and affect SonicWall's SMA 200, SMA 210, SMA 400, SMA 410, and SMA 500v secure remote access products. They can be exploited remotely to inject OS commands and map URLs to file system locations.
SonicWall vulnerabilities are popular targets for a variety of threat actors. In January, CISA warned that another vulnerability affecting SonicWall SMA devices, tracked as CVE-2025-23006, was under attack.
According to researchers at watchTowr, CVE-2023-44221, which was given a CVSS score of 7.2, is an Apache HTTP pre-authentication arbitrary file read, and CVE-2024-38475, with a CVSS score of 9.8, is a post-authentication command injection.