← Back to CVEs
CVE-2024-57727
HIGHCISA KEV7.5
Description
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.
CVE Details
CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published1/15/2025
Last Modified11/4/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorSimpleHelp
ProductSimpleHelp
Vulnerability NameSimpleHelp Path Traversal Vulnerability
KEV Date Added2025-02-13
Remediation Due Date2025-03-06
Ransomware UseKnown
Affected Products
simple-help:simplehelp
Weaknesses (CWE)
CWE-22CWE-22
References
https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier(cve@mitre.org)
https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/(cve@mitre.org)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57727(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.