Vulnerability detail

Enriched intelligence for a single CVE

7.2

CVSS
High

CVE-2024-57728

PUBLISHED

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a...

1 day faster than CISA KEV

Exploited in the wild Used in malware Remote Low complexity No user interaction

Vendor: SimpleHelp
Product: SimpleHelp remote support software
Published: Jan 15, 2025
EPSS: 54.1% · 98% pctl

Automate this intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.

cisa malware

Weaknesses (CWE)

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS scores

CVSS v3.1 7.2 High

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2026-06-01 13:23:43 UTC · CVE

Used in malware

Recorded 2026-06-02 14:01:24 UTC · CVE

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CVE First	2026-06-01 13:23 UTC
CISA	2026-06-02 14:01 UTC

Timeline

CVE ID Reserved

2025-01-09 00:00 UTC
CVE Published to Public

2025-01-15 00:00 UTC
Added to KEVIntel

2026-06-01 13:23 UTC
KEV confirmed by CISA

2026-06-02 14:01 UTC
Exploit Used in Malware

2026-06-02 14:01 UTC