CVE-2024-57727
SimpleHelp Path Traversal Vulnerability
CVSS
—
No CVSS
EPSS
95.2%
p100
KEV
YES
Feb 13, 2025
Exploit Today
80
0-100
Published: — · Last modified: —
Product
SimpleHelp / SimpleHelp
Vulnerability
SimpleHelp Path Traversal Vulnerability
Added to KEV
Feb 13, 2025
Remediate by
Mar 6, 2025
Known ransomware use
Yes
Summary description
SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://simple-help.com/kb---security-vulnerabilities-01-2025 ; Additional CISA Mitigation Instructions: https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-163a ; https://nvd.nist.gov/vuln/detail/CVE-2024-57727