CVE-2024-57726

Basic Information

CVE State
PUBLISHED
Reserved Date
January 09, 2025
Published Date
January 15, 2025
Last Updated
January 31, 2025
Vendor
SimpleHelp
Product
SimpleHelp
Description
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privilege technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
Tags
malware DragonForce

CVSS Scores

CVSS v3.1

9.9 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

Score
0.08% (Percentile: 25.52%) as of 2025-06-13

SSVC Information

Exploitation
none
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2025-05-27 00:00:00 UTC)
Used in Malware
Yes (added 2025-05-27 00:00:00 UTC) (DragonForce)

Known Exploited Vulnerability Information

Source
Sophos News
Added Date
2025-06-05 12:02:17 UTC

Recent Mentions

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

Source: TheHackerNews • Published: 2025-05-29 10:34:00 UTC

The threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider's (MSP) SimpleHelp remote monitoring and management (RMM) tool, and then leveraged it to exfiltrate data and drop the locker on multiple endpoints. It's believed that the attackers exploited a trio of security flaws in SimpleHelp (CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726) that were

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Used in DragonForce Malware

  • Added to KEVIntel