Vulnerability Details CVE-2024-57728
SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.593
EPSS Ranking 98.3%
CVSS Severity
CVSS v3 Score 7.2
Proposed Action
SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
Ransomware Campaign
Unknown
References
- https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier
- https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57728
- https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/
- https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-dragonforce
Products affected by CVE-2024-57728
-
cpe:2.3:a:simple-help:simplehelp:-
-
cpe:2.3:a:simple-help:simplehelp:5.0.0
-
cpe:2.3:a:simple-help:simplehelp:5.0.1
-
cpe:2.3:a:simple-help:simplehelp:5.0.10
-
cpe:2.3:a:simple-help:simplehelp:5.0.11
-
cpe:2.3:a:simple-help:simplehelp:5.0.12
-
cpe:2.3:a:simple-help:simplehelp:5.0.13
-
cpe:2.3:a:simple-help:simplehelp:5.0.14
-
cpe:2.3:a:simple-help:simplehelp:5.0.15
-
cpe:2.3:a:simple-help:simplehelp:5.0.16
-
cpe:2.3:a:simple-help:simplehelp:5.0.17
-
cpe:2.3:a:simple-help:simplehelp:5.0.18
-
cpe:2.3:a:simple-help:simplehelp:5.0.19
-
cpe:2.3:a:simple-help:simplehelp:5.0.2
-
cpe:2.3:a:simple-help:simplehelp:5.0.20
-
cpe:2.3:a:simple-help:simplehelp:5.0.3
-
cpe:2.3:a:simple-help:simplehelp:5.0.4
-
cpe:2.3:a:simple-help:simplehelp:5.0.5
-
cpe:2.3:a:simple-help:simplehelp:5.0.6
-
cpe:2.3:a:simple-help:simplehelp:5.0.7
-
cpe:2.3:a:simple-help:simplehelp:5.0.8
-
cpe:2.3:a:simple-help:simplehelp:5.0.9
-
cpe:2.3:a:simple-help:simplehelp:5.1.0
-
cpe:2.3:a:simple-help:simplehelp:5.1.1
-
cpe:2.3:a:simple-help:simplehelp:5.1.2
-
cpe:2.3:a:simple-help:simplehelp:5.1.3
-
cpe:2.3:a:simple-help:simplehelp:5.1.4
-
cpe:2.3:a:simple-help:simplehelp:5.1.5
-
cpe:2.3:a:simple-help:simplehelp:5.1.6
-
cpe:2.3:a:simple-help:simplehelp:5.1.7
-
cpe:2.3:a:simple-help:simplehelp:5.1.8
-
cpe:2.3:a:simple-help:simplehelp:5.2.0
-
cpe:2.3:a:simple-help:simplehelp:5.2.1
-
cpe:2.3:a:simple-help:simplehelp:5.2.10
-
cpe:2.3:a:simple-help:simplehelp:5.2.11
-
cpe:2.3:a:simple-help:simplehelp:5.2.12
-
cpe:2.3:a:simple-help:simplehelp:5.2.13
-
cpe:2.3:a:simple-help:simplehelp:5.2.14
-
cpe:2.3:a:simple-help:simplehelp:5.2.15
-
cpe:2.3:a:simple-help:simplehelp:5.2.16
-
cpe:2.3:a:simple-help:simplehelp:5.2.17
-
cpe:2.3:a:simple-help:simplehelp:5.2.2
-
cpe:2.3:a:simple-help:simplehelp:5.2.3
-
cpe:2.3:a:simple-help:simplehelp:5.2.4
-
cpe:2.3:a:simple-help:simplehelp:5.2.5
-
cpe:2.3:a:simple-help:simplehelp:5.2.6
-
cpe:2.3:a:simple-help:simplehelp:5.2.7
-
cpe:2.3:a:simple-help:simplehelp:5.2.9
-
cpe:2.3:a:simple-help:simplehelp:5.3.0
-
cpe:2.3:a:simple-help:simplehelp:5.3.1
-
cpe:2.3:a:simple-help:simplehelp:5.3.2
-
cpe:2.3:a:simple-help:simplehelp:5.3.3
-
cpe:2.3:a:simple-help:simplehelp:5.3.4
-
cpe:2.3:a:simple-help:simplehelp:5.3.5
-
cpe:2.3:a:simple-help:simplehelp:5.3.6
-
cpe:2.3:a:simple-help:simplehelp:5.3.7
-
cpe:2.3:a:simple-help:simplehelp:5.3.8
-
cpe:2.3:a:simple-help:simplehelp:5.3.9
-
cpe:2.3:a:simple-help:simplehelp:5.4.0
-
cpe:2.3:a:simple-help:simplehelp:5.4.1
-
cpe:2.3:a:simple-help:simplehelp:5.4.10
-
cpe:2.3:a:simple-help:simplehelp:5.4.2
-
cpe:2.3:a:simple-help:simplehelp:5.4.3
-
cpe:2.3:a:simple-help:simplehelp:5.4.4
-
cpe:2.3:a:simple-help:simplehelp:5.4.5
-
cpe:2.3:a:simple-help:simplehelp:5.4.6
-
cpe:2.3:a:simple-help:simplehelp:5.4.7
-
cpe:2.3:a:simple-help:simplehelp:5.4.8
-
cpe:2.3:a:simple-help:simplehelp:5.4.9
-
cpe:2.3:a:simple-help:simplehelp:5.5.0
-
cpe:2.3:a:simple-help:simplehelp:5.5.1
-
cpe:2.3:a:simple-help:simplehelp:5.5.2
-
cpe:2.3:a:simple-help:simplehelp:5.5.3
-
cpe:2.3:a:simple-help:simplehelp:5.5.4
-
cpe:2.3:a:simple-help:simplehelp:5.5.5
-
cpe:2.3:a:simple-help:simplehelp:5.5.6
-
cpe:2.3:a:simple-help:simplehelp:5.5.7