Threat Intelligence / CVE / CVE-2024-57728

CVE-2024-57728

CVSS 7.2 (HIGH) · EPSS 1.0% · Published 2025-01-15

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.

CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-59, CWE-22

Threats tracking this CVE

DragonForce: White-Label Ransomware Cartel — Scattered Spider Partnership & MSP Supply Chain Attacks — HIGH

References

https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier
https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/

Full detection coverage & IOCs for threats exploiting CVE-2024-57728 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence