
CVE-2024-57726

Tags: Critical · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 15 January 2025
Modified: 24 April 2026
KEV Added: 24 April 2026
Patch: available (SimpleHelp January 2025 security bulletin)
CVSS v3.1: 9.9 (Critical), vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.3883 (97.4th percentile)
Risk Priority: 63 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-57726 is a critical-severity Missing Authorization (CWE-862) vulnerability in SimpleHelp remote support software (CPE vendor simple-help, product simplehelp). Its CVSS v3.1 base score is 9.9 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked in the top 2.6% of all CVEs by EPSS exploit likelihood (97.4th percentile), and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

SimpleHelp remote support software versions 5.5.7 and earlier contain a missing authorization vulnerability: a low-privilege technician can generate API keys carrying rights beyond their own role. Such a key can then be used to act with full server administrator privileges. The CVSS 3.1 vector explains the 9.9 score: only technician-level credentials are needed (PR:L), no user interaction is required (UI:N), the impact crosses a trust boundary from the technician account to the whole server (S:C), and confidentiality, integrity and availability are all fully compromised.

An authenticated technician can exploit the flaw over the network without user interaction to obtain administrative control of the SimpleHelp server, enabling arbitrary management of connected endpoints and sensitive support data. The issue is tracked under CWE-862 and has been added to CISA’s Known Exploited Vulnerabilities catalog.

Public references from the vendor, Horizon3, Microsoft, and Trend Micro document active exploitation in campaigns by groups such as Storm-1175 and DragonForce ransomware operators. The EPSS score rose from a low baseline to a peak of 0.5225 on 2026-04-25, the day after the KEV listing, before receding to its current value of 0.3883, consistent with sustained attacker interest well after disclosure. Organizations should apply the fixes detailed in SimpleHelp's January 2025 security bulletin. Because any authenticated technician could have minted an over-privileged key before patching, servers that ran an affected version should also have their existing API keys and technician accounts reviewed, in line with the AC-2 guidance below.

Vulnerability details

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privilege technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

CWE(s): CWE-862 Missing Authorization
KEV Date Added: 24 April 2026

Related Threats

Threat-Actor Attribution

STORM-1175
Microsoft reports STORM-1175 exploiting vulnerable web-facing assets including SimpleHelp in Medusa ransomware operations (Microsoft blog 2026).

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability allows low-privilege technicians to create API keys with excessive permissions, enabling exploitation for privilege escalation to the server admin role.

CVEs Like This One

CVE-2024-57728 (same product: SimpleHelp; both on KEV)
CVE-2024-57727 (same product: SimpleHelp; both on KEV)
CVE-2025-40602 (shared CWE-862; both on KEV)
CVE-2026-8547 (shared CWE-862)
CVE-2026-22172 (shared CWE-862)
CVE-2025-48574 (shared CWE-862)
CVE-2026-0026 (shared CWE-862)
CVE-2025-48578 (shared CWE-862)
CVE-2025-48634 (shared CWE-862)
CVE-2026-28193 (shared CWE-862)

Affected Assets

simple-help / simplehelp: versions ≤ 5.5.7 (per the vulnerability description, "v5.5.7 and before")

Mitigating Controls (NIST 800-53 r5)

AC-6 Least Privilege (prevent): enforces least privilege, directly preventing low-privileged technicians from creating API keys with excessive permissions that enable server admin privilege escalation.

AC-3 Access Enforcement (prevent): requires enforcement of approved authorizations, mitigating the missing authorization (CWE-862) that allows creation of over-privileged API keys.

AC-2 Account Management (prevent): mandates management of accounts and associated privileges, including API keys, to restrict low-privileged users from escalating via unauthorized key creation.
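The following is an added illustration, not SimpleHelp's code (which is closed source) and not taken from any of the references above. It models the escalation described in the deeper analysis (a technician mints an API key with admin rights, then uses it) in a hypothetical key service with made-up role and permission names, and shows the AC-3/AC-6 check that closes the hole: a key may carry at most the permissions its creator already holds. It also includes an AC-2 style audit that finds keys minted before such a fix whose rights exceed their owner's current role.

```python
# Added example, not SimpleHelp's code. Role names, permission strings,
# class and function names are all hypothetical.
import secrets
from dataclasses import dataclass

# Hypothetical role model: "admin" is a strict superset of "technician".
ROLE_PERMISSIONS = {
    "technician": frozenset({"session:join", "session:view", "apikey:create"}),
    "admin": frozenset({"session:join", "session:view", "apikey:create",
                        "user:manage", "server:configure"}),
}


@dataclass(frozen=True)
class User:
    name: str
    role: str

    @property
    def permissions(self) -> frozenset:
        return ROLE_PERMISSIONS[self.role]


@dataclass(frozen=True)
class ApiKey:
    token: str
    owner: str
    permissions: frozenset


class KeyStore:
    def __init__(self):
        self.users = {}   # name -> User
        self.keys = {}    # token -> ApiKey

    def add_user(self, user: User) -> None:
        self.users[user.name] = user

    def create_key_vulnerable(self, caller: User, requested) -> ApiKey:
        # CWE-862 pattern: the handler checks that the caller may perform the
        # action (create a key) but never checks the *content* of the request,
        # so a technician can ask for admin-only permissions and receive them.
        if "apikey:create" not in caller.permissions:
            raise PermissionError("caller may not create API keys")
        key = ApiKey(secrets.token_urlsafe(32), caller.name, frozenset(requested))
        self.keys[key.token] = key
        return key

    def create_key_fixed(self, caller: User, requested) -> ApiKey:
        # AC-3 / AC-6: a key can delegate only rights the caller already holds.
        if "apikey:create" not in caller.permissions:
            raise PermissionError("caller may not create API keys")
        excess = frozenset(requested) - caller.permissions
        if excess:
            raise PermissionError(f"cannot delegate rights caller lacks: {sorted(excess)}")
        key = ApiKey(secrets.token_urlsafe(32), caller.name, frozenset(requested))
        self.keys[key.token] = key
        return key

    def is_authorized(self, token: str, permission: str) -> bool:
        # What an API endpoint asks before doing admin work with a presented key.
        key = self.keys.get(token)
        return key is not None and permission in key.permissions

    def overprivileged_keys(self) -> list:
        # AC-2 style audit for a patched server: keys whose rights exceed what
        # their owner's *current* role allows (keys of deleted owners count too).
        found = []
        for key in self.keys.values():
            owner = self.users.get(key.owner)
            allowed = owner.permissions if owner else frozenset()
            if key.permissions - allowed:
                found.append(key)
        return found


def technician_reaches_admin(handler_name: str) -> bool:
    # Replay the escalation from the advisory through one of the two handlers;
    # True means a technician ended up able to call an admin-only operation.
    store = KeyStore()
    tech = User("tech1", "technician")
    store.add_user(tech)
    handler = getattr(store, handler_name)
    try:
        key = handler(tech, {"session:join", "user:manage", "server:configure"})
    except PermissionError:
        return False
    return store.is_authorized(key.token, "user:manage")


def audit_demo() -> int:
    # Number of over-privileged keys the audit finds on a server where the
    # vulnerable handler was in use before the fix.
    store = KeyStore()
    tech, admin = User("tech1", "technician"), User("root", "admin")
    store.add_user(tech)
    store.add_user(admin)
    store.create_key_vulnerable(tech, {"user:manage"})    # escalated key
    store.create_key_vulnerable(admin, {"user:manage"})   # legitimate admin key
    store.create_key_fixed(tech, {"session:view"})        # legitimate technician key
    return len(store.overprivileged_keys())


if __name__ == "__main__":
    print("vulnerable handler:", technician_reaches_admin("create_key_vulnerable"))  # True
    print("fixed handler:", technician_reaches_admin("create_key_fixed"))            # False
    print("over-privileged keys found:", audit_demo())                               # 1
```

The design point is that the fix is a subset check on the requested permissions against the caller's own, not a check on who the caller is; an admin can still mint an admin-scoped key, so the fix does not break legitimate use. The audit matters because patching the handler does nothing about keys already issued, which is why the page's AC-2 control pairs with AC-3 and AC-6.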
