CVE-2024-57728

Description

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.

CVSS v3.1 Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild.

Added: Apr 24, 2026 Remediation due: May 8, 2026 Known ransomware use

Weakness Type (CWE)

CWE-59 CWE-59

CWE-22 Path Traversal

Affected Products

Vendor	Product	Versions
simple-help	simplehelp	< 5.5.8

References

Advisories & Patches

https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier

Other References

https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/ https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57728 https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/ https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-dragonforce

Frequently Asked Questions

What is CVE-2024-57728? +

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user. It has a CVSS v3.1 base score of 7.2 (HIGH). This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild.

How severe is CVE-2024-57728? +

CVE-2024-57728 has a CVSS v3.1 score of 7.2 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2024-57728? +

CVE-2024-57728 affects products from simple-help, specifically: simplehelp. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-57728? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-30371

Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to …

CVE-2025-4211

Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially …

CVE-2025-2102

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue affects HYPR …

CVE-2025-52936

Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh.This issue affects sslh: before 2.2.2.

CVE-2025-53109

Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). Versions of Filesystem prior …

CVE-2025-7012

An issue in Cato Networks' CatoClient for Linux, before version 5.5, allows a local attacker to escalate privileges to root …