Vulnerability Description
SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Simple-Help | Simplehelp | < 5.5.8 |
Related Weaknesses (CWE)
References
- https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabi (Vendor Advisory)
- https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in- (Third Party Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024- (US Government Resource)
- https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze (Technical Description)
- https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomwar (Third Party Advisory)
FAQ
What is CVE-2024-57728?
CVE-2024-57728 is a vulnerability with a CVSS score of 7.2 (HIGH). SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to ...
How severe is CVE-2024-57728?
CVE-2024-57728 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2024-57728?
Check the references section above for vendor advisories and patch information. Affected products include: Simple-Help Simplehelp.