Back to KEVs

CVE-2024-57728

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a...

Basic Information

CVE State
PUBLISHED
Reserved Date
January 09, 2025
Published Date
January 15, 2025
Last Updated
January 31, 2025
Vendor
SimpleHelp
Product
SimpleHelp
Description
SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
Tags
malware DragonForce

CVSS Scores

CVSS v3.1

7.2 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Score
0.30% (Percentile: 52.59%) as of 2025-06-13

SSVC Information

Exploitation
none
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2025-05-27 00:00:00 UTC) Source
Used in Malware
Yes (added 2025-05-27 00:00:00 UTC) (DragonForce) Source

References

https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/ https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier

Known Exploited Vulnerability Information

Source Added Date
Sophos News 2025-06-05 12:02:10 UTC

Recent Mentions

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

Source: TheHackerNews • Published: 2025-05-29 10:34:00 UTC

The threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider's (MSP) SimpleHelp remote monitoring and management (RMM) tool, and then leveraged it to exfiltrate data and drop the locker on multiple endpoints. It's believed that the attackers exploited a trio of security flaws in SimpleHelp (CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726) that were

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Used in DragonForce Malware

  • Added to KEVIntel