CVE-2024-57728

CVSS 7.2 HIGH · EPSS 7.5% · KEV · CWE-22
In short

SimpleHelp remote support software versions 5.5.7 and earlier allow administrators to upload files to any location on the server through a specially crafted zip file. An attacker with admin access can exploit this to place malicious files and execute arbitrary code on the system.

Technical detail

The vulnerability stems from improper path validation during zip file extraction (a zip slip attack): authenticated admin users can bypass directory restrictions through relative path traversal in archive entries. This enables arbitrary code execution in the context of the SimpleHelp server process without additional user interaction.

Summary generated and translated by AI from the official description.
SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
