
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert, adding CVE-2021-20035 to its Known Exploited Vulnerabilities (KEV) Catalog following verified evidence of active exploitation in the wild.
The vulnerability, originally disclosed in 2021 and now under renewed scrutiny, affects SonicWall SMA100 Series appliances and enables OS command injection via the management interface. It has been assigned a CVSS score of 7.2.
“This vulnerability is potentially being exploited in the wild,” SonicWall stated in a security advisory update published April 14, 2025.
CVE-2021-20035 stems from improper neutralization of special elements in the SMA100 management interface. A remote authenticated attacker can exploit the flaw to inject arbitrary operating system commands as the ‘nobody’ user, potentially leading to full code execution on the affected system.
SonicWall has released patched versions addressing the flaw:
Product | Platform | Impacted Version | Fixed Version
--- | --- | --- | ---
SMA 100 Series | SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v (ESX, KVM, AWS, Azure) | 10.2.1.0-17sv and earlier | 10.2.1.1-19sv and higher
SMA 100 Series | (same platforms) | 10.2.0.7-34sv and earlier | 10.2.0.8-37sv and higher
SMA 100 Series | (same platforms) | 9.0.0.10-28sv and earlier | 9.0.0.11-31sv and higher
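The fixed-version table is the check that matters for a defender: is each SMA100 appliance in the inventory on a patched build of its release branch? The script below is an added example, not code from SonicWall or CISA. It parses SonicWall's `A.B.C.D-NNsv` version strings, compares them against the fixed versions listed above on a per-branch basis (10.2.1.x, 10.2.0.x and 9.0.0.x), and triages a constructed inventory; the hostnames and the `hostname,version` inventory format are assumptions made for the example.

```python
import re
from typing import Dict, List, Tuple

# Fixed builds from the advisory table, keyed by release branch (first three
# version components). A build is considered patched once it reaches or
# exceeds the fixed build on its own branch.
FIXED_VERSIONS: Dict[Tuple[int, int, int], str] = {
    (10, 2, 1): "10.2.1.1-19sv",
    (10, 2, 0): "10.2.0.8-37sv",
    (9, 0, 0): "9.0.0.11-31sv",
}

# SonicWall SMA100 firmware strings look like 10.2.1.0-17sv.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)sv$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '10.2.1.0-17sv' into (10, 2, 1, 0, 17) so tuples compare numerically.

    Plain string comparison would rank '10.2.1.0-9sv' above '10.2.1.0-17sv',
    which is exactly the mistake that makes a vulnerable box look patched.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised SMA100 version string: {text!r}")
    return tuple(int(g) for g in m.groups())


def assess(version: str) -> str:
    """Classify one firmware version as 'affected', 'fixed' or 'unknown-branch'."""
    v = parse_version(version)
    branch = v[:3]
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        # A branch the advisory table does not cover; do not guess either way.
        return "unknown-branch"
    return "affected" if v < parse_version(fixed) else "fixed"


def triage_inventory(lines: List[str]) -> Dict[str, List[str]]:
    """Group 'hostname,version' inventory lines by patch status."""
    report: Dict[str, List[str]] = {
        "affected": [], "fixed": [], "unknown-branch": [], "unparseable": []
    }
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, ver = line.partition(",")
        try:
            report[assess(ver)].append(host.strip())
        except ValueError:
            # Keep unparseable entries visible rather than silently dropping them.
            report["unparseable"].append(host.strip())
    return report


# Constructed sample inventory (hostnames are made up for this example).
SAMPLE_INVENTORY = [
    "# host,firmware",
    "sma-dc1,10.2.1.0-17sv",     # impacted build on the 10.2.1 branch
    "sma-dc2,10.2.1.1-19sv",     # exactly the fixed build
    "sma-branch1,10.2.0.7-34sv", # impacted build on the 10.2.0 branch
    "sma-legacy,9.0.0.10-28sv",  # impacted build on the 9.0.0 branch
    "sma-lab,11.0.0.0-1sv",      # branch not covered by the table
    "sma-broken,n/a",            # inventory record with no usable version
]


def main() -> None:
    for status, hosts in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{status:>14}: {', '.join(hosts) if hosts else '-'}")


if __name__ == "__main__":
    main()
```

The comparison is deliberately done per branch: a 9.0.0.11-31sv appliance is patched even though it sorts below every 10.2.x build, and an appliance on a branch the advisory does not list is reported as unknown rather than assumed safe, so it can be checked by hand against the vendor's current advisory.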
Due to the severity and active exploitation, CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies apply mitigations by May 7, 2025. Non-compliance could expose government networks to significant compromise risks.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA warned.