CVE-2025-36728

Published Jul 25, 2025

Last updated 7 months ago

CVSS medium 6.3

Overview

Description
Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.11.
Source
vulnreport@tenable.com
NVD status
Analyzed
Products
simplehelp

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

vulnreport@tenable.com
CWE-352

Social media

Hype score
Not currently trending

  1. Tenable Discovers Critical Vulnerabilities in SimpleHelp Tool: CVE-2025-36727 and CVE-2025-36728 https://t.co/DKodoO2TI1 https://t.co/kxL6jk9GGb

    @arniebert

    20 Oct 2025

    47 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Tenable Discovers Critical Vulnerabilities in SimpleHelp Tool: CVE-2025-36727 and CVE-2025-36728 https://t.co/iqHvonH9cp https://t.co/5OFUn1faYf

    @secured_cyber

    19 Oct 2025

    72 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Tenable Discovers Critical Vulnerabilities in SimpleHelp Tool: CVE-2025-36727 and CVE-2025-36728 https://t.co/lfdvvDieaG https://t.co/J1V7zNuNFX

    @TechMash365

    17 Oct 2025

    52 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  4. Tenable Discovers Critical Vulnerabilities in SimpleHelp Tool: CVE-2025-36727 and CVE-2025-36728 https://t.co/9AMIz5jghI https://t.co/jBqHR14tvp

    @valterpcjr

    17 Oct 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Tenable Discovers Critical Vulnerabilities in SimpleHelp Tool: CVE-2025-36727 and CVE-2025-36728 https://t.co/4H4IMiiR64 https://t.co/jXBrNBREdk

    @dansantanna

    17 Oct 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Tenable Discovers Critical Vulnerabilities in SimpleHelp Tool: CVE-2025-36727 and CVE-2025-36728 https://t.co/Y0gC2RYZTw https://t.co/rqskhaccqd

    @ggrubamn

    16 Oct 2025

    30 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Tenable Discovers Critical Vulnerabilities in SimpleHelp Tool: CVE-2025-36727 and CVE-2025-36728 https://t.co/sOEG36MnhS https://t.co/0coSu30UA0

    @IT_Peurico

    16 Oct 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Tenable Discovers Critical Vulnerabilities in SimpleHelp Tool: CVE-2025-36727 and CVE-2025-36728 https://t.co/mTYD6hjT8C https://t.co/cUc5cVhxit

    @Trej0Jass

    16 Oct 2025

    711 Impressions

    4 Retweets

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.12.CVE-2025-36727
  2. SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.CVE-2024-57728
  3. SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.CVE-2024-57726
  4. SimpleHelp Path Traversal VulnerabilityCVE-2024-57727

References

Sources include official advisories and independent security research.