SonicWall has disclosed that two critical vulnerabilities affecting its SMA100 Secure Mobile Access appliances—CVE-2023-44221 and CVE-2024-38475—have been actively exploited in the wild. CVE-2023-44221 is a post-authentication command injection flaw in the management interface, while CVE-2024-38475 is an Apache HTTP Server mod_rewrite vulnerability allowing unauthorized file access and potential session hijacking. These vulnerabilities affect SMA 100 series devices, including SMA 200, 210, 400, 410, and 500v, and have been patched in firmware versions 10.2.1.10-62sv and 10.2.1.14-75sv, respectively. The U.S. CISA added both to its Known Exploited Vulnerabilities (KEV) catalog on May 1, 2025, requiring federal agencies to patch by May 22. Security firm watchTowr Labs revealed that these flaws are being chained for session hijacking and command execution, emphasizing the critical risk and urging immediate patching.

‍