SonicWall Exploit Chain Exposes Admin Hijack Risk via CVE-2023-44221 and CVE-2024-38475

May 4, 2025

SonicWall Exploit Chain Exposes Admin Hijack Risk via CVE-2023-44221 and CVE-2024-38475

Image: watchTowr
A newly exploit chain targeting SonicWall’s Secure Mobile Access (SMA) appliances has been released. Published by watchTowr Labs, the technical disclosure outlines how two distinct vu …

Published Date:
May 05, 2025 (1 hour, 28 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2024-40766

CVE-2024-38475

CVE-2023-44221

Source: Read More

Previous ArticleBridewell Uncovers ‘Operation Deceptive Prospect’ Targeting UK Organizations via Feedback Portals

Next Article CVE-2025-31191: Microsoft Exposes macOS Vulnerability Allowing App Sandbox Escape

Highlights

CVE-2025-46552 – GitHub KHC-INVITATION-AUTOMATION Unauthenticated User Data Disclosure

April 30, 2025

CVE ID : CVE-2025-46552

Published : April 29, 2025, 11:16 p.m. | 3 hours, 52 minutes ago

Description : KHC-INVITATION-AUTOMATION is a GitHub automation script that automatically invites followers of a bot account to join your organization. In some commits on version 1.2, a vulnerability was identified where user data, including email addresses and Discord usernames, were exposed in API responses without proper access controls. This allowed unauthorized users to access sensitive user information by directly calling specific endpoints. This issue has been patched in a later commit on version 1.2.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

The attack on the npm ecosystem continues

The attack on the npm ecosystem continues

Feature Highlight

SVAR React Core – New UI Library with 20+ Components

Hyprland Made Easy: Preconfigured Beautiful Distros

Hyprland Made Easy: Preconfigured Beautiful Distros

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

SonicWall Exploit Chain Exposes Admin Hijack Risk via CVE-2023-44221 and CVE-2024-38475

SonicWall Exploit Chain Exposes Admin Hijack Risk via CVE-2023-44221 and CVE-2024-38475

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks

Using ‘one of Windows 11’s few truly useful AI features’ is about to get easier

CVE-2025-6133 – Projectworlds Life Insurance Management System SQL Injection Vulnerability

CVE-2025-4951 – Rapid7 AppSpider Pro Stored Cross-Site Scripting Vulnerability

CVE-2025-46552 – GitHub KHC-INVITATION-AUTOMATION Unauthenticated User Data Disclosure

Windows Security in 2025: Battling Sophisticated Threats with Advanced Defenses

Onboarding your AI peer programmer: Setting up GitHub Copilot coding agent for success

Post-Process Query Results Elegantly with Laravel’s afterQuery Method

SonicWall Exploit Chain Exposes Admin Hijack Risk via CVE-2023-44221 and CVE-2024-38475

SonicWall Exploit Chain Exposes Admin Hijack Risk via CVE-2023-44221 and CVE-2024-38475

Related Posts