CVE-2024-57727

CVE Database · CVE-2024-57727

CVE-2024-57727

· HIGHAnalyzed

CVSS v3.1

7.5

EPSS

95.07%

Published

Jan 15, 2025

Modified

Nov 4, 2025

CISA Known Exploited Vulnerability

Added: 2025-02-13 · Due: 2025-03-06

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (3)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCimjdl/CVE-2024-57727★15

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-22CWE-22

Affected Products (1)

simple-help · simplehelp (up to 5.5.8)vulnerable

References (3)

https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier

Release Notes

https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/

Third Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57727

US Government Resource

KEV Catalog EPSS Scores Vendors All CVEs