AI description
CVE-2024-57728 is a path traversal vulnerability affecting SimpleHelp remote support software versions 5.5.7 and earlier. This flaw enables authenticated administrative users to upload arbitrary files to any location on the file system by exploiting a "zip slip" technique with a specially crafted zip file. Successful exploitation of this vulnerability can lead to the execution of arbitrary code on the host system, operating within the security context of the SimpleHelp server user. This CVE has been observed as part of a chain of vulnerabilities that could be exploited by attackers.
- Description
- SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- simplehelp
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- SimpleHelp Path Traversal Vulnerability
- Exploit added on
- Apr 24, 2026
- Exploit action due
- May 8, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
CVE-2024-57728: Zip-slip path traversal in SimpleHelp lets an admin write files anywhere and achieve code execution as the SimpleHelp server user. Now in CISA KEV.
@lyrie_ai
4 May 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A path traversal vulnerability (CVE-2024-57728) affects SimpleHelp. Mitigate by following vendor guidance or consider discontinuing use if patches aren’t available. Check your systems for this if you use SimpleHelp. #Cybersecurity
@ADKCyber
3 May 2026
32 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A vulnerability in SimpleHelp (CVE-2024-57728) is known to be exploited. Review vendor guidance for mitigation or consider discontinuing use if no fix is available. Stay aware and act based on your risk level. #cybersecurity
@ADKCyber
30 Apr 2026
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
BREAKING: CISA adds SimpleHelp remote support CVE-2024-57728 and CVE-2024-57726 to KEV catalog after active exploitation of code execution and admin privilege escalation flaws in v5.5.7 and earlier. https://t.co/XkkQ4EbqN5
@threatcluster
27 Apr 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISAが既知の悪用された脆弱性4件をカタログに追加 CISA Adds Four Known Exploited Vulnerabilities to Catalog #CISA (Apr 24) CVE-2024-7399 Samsung MagicINFO 9 サーバーのパス・トラバーサル脆弱性 CVE-2024-57726 SimpleHelpの認証機能の欠
@foxbook
27 Apr 2026
203 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA alerts on critical SimpleHelp vulnerabilities (CVE-2024-57726 & CVE-2024-57728) actively exploited. Immediate patching required to prevent unauthorized access. Link: https://t.co/ow1gaL5gFL #Security #Vulnerabilities #Exploits #Patching #Unauthorized #Access #CISA #Alert
@dailytechonx
26 Apr 2026
15 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🛑 IR / SOC Alert: SimpleHelp flaws CVE-2024-57726 and CVE-2024-57728 are now KEV priorities. Patch, isolate, restrict exposure, and review logs for suspicious remote-support activity. https://t.co/KfVix38qB1 #IncidentResponse #VulnerabilityManagement #RemoteSupport https://t.
@SecureComputer0
25 Apr 2026
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TRC analysis shows attackers chaining CVE-2024-57726 and CVE-2024-57728 to escalate from low-privilege SimpleHelp accounts to full system compromise via malicious file uploads. The privilege escalation through API key manipulation enables broader lateral movement across connected
@aviatrixtrc
25 Apr 2026
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers chained SimpleHelp vulnerabilities (CVE-2024-57726, CVE-2024-57728) to escalate from low-privilege technician accounts to full admin control. TRC analysis shows attackers leveraged excessive API key permissions before moving laterally across networks. Runtime
@aviatrixtrc
25 Apr 2026
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added CVE-2024-57728 to KEV: zip-slip in SimpleHelp lets an admin write files anywhere → RCE. Pairs with CVE-2024-57726 (low-priv tech → admin) for full takeover. Ransomware crews used this MSP chain last year. https://t.co/hF2jhxdii4
@TechTranslators
25 Apr 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISAが既知の悪用された脆弱性4件をカタログに追加 https://t.co/sXZPpnkL5q CVE-2024-7399 Samsung MagicINFO 9 サーバーのパス・トラバーサル脆弱性 CVE-2024-57726 SimpleHelpの認証機能の欠落に関する脆弱性 CVE-2024-57728 SimpleHe
@cybersecnews_jp
25 Apr 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 BREAKING: #BreakingNews CISA adds 4 exploited flaws to KEV catalog: CVE-2024-7399 (Samsung MagicINFO 9 Server), CVE-2024-57726 & CVE-2024-57728 (SimpleHelp), CVE-2025-29635 (D-Link DIR-823X routers). Sets May 2026 federal deadline. #US #Cybersecurity #CISA #KEV https://t
@Archange_Shadow
25 Apr 2026
162 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【概ね平和】米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログに4件の脆弱性を追加。Samsung MagicINFO 9 ServerのCVE-2024-7399、SimpleHelpのCVE-2024-57726とCVE-2024-57728、D-Link DIR-823XのC
@__kokumoto
24 Apr 2026
950 Impressions
0 Retweets
2 Likes
1 Bookmark
1 Reply
0 Quotes
🔴 SimpleHelp, Zip Slip Arbitrary File Upload, #CVE-2024-57728 (High) https://t.co/TkcvHiP0WQ
@dailycve
24 Apr 2026
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️ Four vulnerabilities have been added to the CISA KEV Catalog CVE-2025-29635 - D-Link DIR-823X Command Injection Vulnerability CVE-2024-7399 - Samsung MagicINFO 9 Server Path Traversal Vulnerability CVE-2024-57728 - SimpleHelp Path Traversal Vulnerability CVE-2024-57726
@DarkWebInformer
24 Apr 2026
3949 Impressions
6 Retweets
20 Likes
7 Bookmarks
1 Reply
0 Quotes
CISA published an advisory on the exploitation of this unauthenticated path traversal vulnerability that can be chained with CVE-2024-57728, an authenticated arbitrary file upload, resulting in remote code execution. Full analysis and IOCs on AttackerKB: https://t.co/yl9MkRhHqU
@rapid7
13 Jun 2025
1036 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Articles like this just highlight the need for a solution like ZKX Helix. "ransomware groups, have been observed exploiting three vulnerabilities in the remote monitoring and management (RMM) software SimpleHelp... Tracked as CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726,
@zkxsolutions
5 Jun 2025
64 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 DragonForce ransomware group exploited SimpleHelp RMM tool to exfiltrate data and deploy ransomware. Three vulnerabilities (CVE-2024-57727, CVE-2024-57728, CVE-2024-57726) likely used. #CyberSecurity #Ransomware https://t.co/B8id4j6KrT https://t.co/LovB8l3lUx
@CyberHub_blog
30 May 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Does your MSP use the RMM tool of Simple Help? Have you checked and patched for these CVEs: CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726? How are you managing your 3rd Party Risks? Or have you considered 3rd party risks as part of your overall risk management?
@irsecfink
28 May 2025
40 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Des chercheurs de Sophos ont révélé que des opérateurs du ransomware DragonForce ont exploité une chaîne de trois vulnérabilités (CVE-2024-57727, CVE-2024-57728, CVE-2024-57726) dans le logiciel SimpleHelp pour attaquer un fournisseur de services gérés. https://t.co/koZ
@cert_ist
28 May 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Comment: CVE-2024-57728: A free pass for malware uploads? So, like a “bring your own ransomware” party? Does this mean attackers are now curating playlists of malicious code?... #RansomwareAttacks https://t.co/yuhBr9c3wh
@storagetechnews
20 Feb 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-57726., CVE-2024-57727., CVE-2024-57728. Enterprise egg-shell
@byt3n33dl3
15 Feb 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerabilidades de SimpleHelp RMM (CVE-2024-57726, CVE-2024-57727 y CVE-2024-57728) señaladas por Arctic permiten implementar puertas traseras y crear cuentas para obtener control administrativo, instalar puertas traseras y eventualmente desplegar ransomware. 🧉 https://t.co/Uq
@MarquisioX
11 Feb 2025
35 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Threat actors exploit newly disclosed vulnerabilities in SimpleHelp's Remote Monitoring and Management (RMM) software to gain unauthorized access and lay the groundwork for ransomware attacks. These vulnerabilities (CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728) https://t.co
@smart_c_intel
10 Feb 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Hackers are targeting vulnerable SimpleHelp RMM clients to create administrator accounts, drop backdoors, and potentially lay the groundwork for ransomware attacks. The flaws are tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728. https://t.co/gg6fqRHwqF https://t.co/y
@riskigy
9 Feb 2025
32 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Hackers are exploiting vulnerabilities in SimpleHelp RMM, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, to breach corporate networks. Attackers create unauthorized admin accounts, install backdoors, and may prepare for ransomware attacks. Evidence suggests links…
@y1659rsgh
8 Feb 2025
4 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SimpleHelp RMM flaws exploited to breach corporate networks: https://t.co/dzrUnoyfkC Hackers are exploiting vulnerabilities in SimpleHelp RMM, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, to breach corporate networks. Attackers create unauthorized admin… https:
@securityRSS
7 Feb 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 URGENT: Attackers are exploiting newly discovered flaws in SimpleHelp RMM software to establish persistent access to networks and deploy ransomware. CVE-2024-57726, CVE-2024-57727, CVE-2024-57728: Flaws enabling privilege escalation, remote code execution. https://t.co/pHaiAm
@SamTechwest
7 Feb 2025
68 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Hackers are exploiting vulnerabilities in SimpleHelp RMM (CVE-2024-57726, CVE-2024-57727, CVE-2024-57728) for ransomware attacks. Organizations must update their software to reduce risk. 🛡️💻 #RMM #Ransomware #USA link: https://t.co/iIX2aGlrYX https://t.co/i81hVkLDco
@TweetThreatNews
7 Feb 2025
17 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 URGENT: Attackers are exploiting newly discovered flaws in SimpleHelp RMM software to establish persistent access to networks and deploy ransomware. CVE-2024-57726, CVE-2024-57727, CVE-2024-57728: Flaws enabling privilege escalation, remote code execution. 👉 Secure your… ht
@TheHackersNews
7 Feb 2025
46405 Impressions
47 Retweets
134 Likes
16 Bookmarks
3 Replies
3 Quotes
Уязвимости в SimpleHelp Remote Monitoring and Management (RMM), такие как CVE-2024-57726, CVE-2024-57727 и CVE-2024-57728, позволяют злоумышленникам загружать и выгружать файлы, а также повышать привилегии до уровня администратора. Подробнее https://t.co/TrPw17sEP7 https://t.co/D
@KZCERT
30 Jan 2025
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
From @AWNetworks: A campaign has been observed involving unauthorized access to devices running #SimpleHelp RMM software as an initial access vector. This came just a week after we publicly disclosed CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728 in SimpleHelp. For the full
@Horizon3ai
29 Jan 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Update: Critical vulnerabilities in #SimpleHelp are now being exploited (#CVE-2024-57727, #CVE-2024-57728, #CVE-2024-57726); These can lead to info disclosure, privilege escalation, and RCE. Patch and advisory are available at: https://https://t.co/UlONgZAyDI #Patch #Patch #Patch
@CCBalert
29 Jan 2025
247 Impressions
2 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers exploiting flaws in SimpleHelp RMM to breach networks. The flaws, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, allow threat actors to download and upload files on devices and escalate privileges to administrative levels. https://t.co/knnGrF94Qo https://
@riskigy
29 Jan 2025
50 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Researchers warn of a cyberattack exploiting SimpleHelp RMM vulnerabilities (CVE-2024-57726, CVE-2024-57727, CVE-2024-57728), allowing unauthorized device access. Ensure software is updated! 🔒💻 #SimpleHelp #CyberThreats #USA link: https://t.co/wdljUdasgh https://t.co/s1hk2hVJO
@TweetThreatNews
28 Jan 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Warning: Critical vulnerabilities in SimpleHelp remote access software (CVE-2024-57727, CVE-2024-57728, CVE-2024-57726) can lead to info disclosure, privilege escalation, and RCE. Patch and advisory are available at: https://t.co/HhQIqSK040 #Patch #Patch #Patch
@CCBalert
16 Jan 2025
161 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-57728 SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zi… https://t.co/i8Acp6M9tD
@CVEnew
16 Jan 2025
339 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2024-57727&&CVE-2024-57728&&CVE-2024-57726 : Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks 📊 75k+ Services are found on https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/LxDmNVsdm9 👇Query HUNTER… https:/
@HunterMapping
16 Jan 2025
1336 Impressions
3 Retweets
17 Likes
6 Bookmarks
0 Replies
0 Quotes
We disclosed a few vulns last week affecting SimpleHelp's remote support software: ♦️ CVE-2024-57726: Priv esc to admin ♦️ CVE-2024-57727: Unauth arbitrary file download ♦️ CVE-2024-57728: Admin RCE via arbitrary file upload Together these vulns could enable an attacker with…
@Horizon3Attack
15 Jan 2025
6709 Impressions
20 Retweets
74 Likes
24 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple-help:simplehelp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B51B617B-82A8-4B34-BE2E-2D3C9CDE6D12",
"versionEndExcluding": "5.5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]