CVE-2024-57727

high

Description

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.

References

https://www.securityweek.com/simplehelp-vulnerability-exploited-against-utility-billing-software-users/

https://www.infosecurity-magazine.com/news/ransomware-simplehelp-compromise/

https://www.darkreading.com/cyberattacks-data-breaches/cisa-ransomware-attacks-simplehelp-rmm

https://therecord.media/cisa-warns-of-simplehelp-ransomware-compromises

https://thehackernews.com/2025/06/ransomware-gangs-exploit-unpatched.html

https://www.theregister.com/2025/06/12/cisa_simplehelp_flaw_exploit_warning/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-163a

https://thehackernews.com/2025/06/former-black-basta-members-use.html

https://www.theregister.com/2025/06/04/play_ransomware_infects_900_victims/

https://www.bleepingcomputer.com/news/security/fbi-play-ransomware-breached-900-victims-including-critical-orgs/

https://thehackernews.com/2025/05/dragonforce-exploits-simplehelp-flaws.html

https://www.theregister.com/2025/05/28/dragonforce_ransomware_gang_sets_fire/

https://www.helpnetsecurity.com/2025/05/28/attackers-hit-msp-use-its-rmm-software-to-deliver-ransomware-to-clients/

https://www.securityweek.com/dragonforce-ransomware-hackers-exploiting-simplehelp-vulnerabilities/

https://www.infosecurity-magazine.com/news/dragonforce-ransomware-msp-attack/

https://www.bleepingcomputer.com/news/security/dragonforce-ransomware-abuses-simplehelp-in-msp-supply-chain-attack/

https://securityaffairs.com/178350/cyber-crime/dragonforce-operator-chained-simplehelp-flaws-to-target-an-msp.html

https://news.sophos.com/en-us/2025/05/27/dragonforce-actors-target-simplehelp-vulnerabilities-to-attack-msp-customers/

https://thehackernews.com/2025/02/postgresql-vulnerability-exploited.html

https://www.cisa.gov/news-events/alerts/2025/02/13/cisa-adds-one-known-exploited-vulnerability-catalog

https://thehackernews.com/2025/02/hackers-exploit-simplehelp-rmm-flaws.html

https://www.bleepingcomputer.com/news/security/hackers-exploit-simplehelp-rmm-flaws-to-deploy-sliver-malware/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a

Details

Source: Mitre, NVD

Published: 2025-01-15

Updated: 2025-06-09

Named Vulnerability: SimpleHelp RMM VulnerabilityNamed Vulnerability: SimpleHelp Path Traversal VulnerabilityKnown Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.93972

Vulnerability Watch

Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications. You can learn more about these classifications on our blog.

Vulnerability of Interest