Cyber Resilience

CVE-2024-57727

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 15 January 2025
Modified: 04 November 2025
KEV Added: 13 February 2025
CVSS Score (v3.1): 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.9405 (99.9th percentile)
Risk Priority: 91 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-57727 is a high-severity Path Traversal (CWE-22) vulnerability in Simple-Help Simplehelp. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique File and Directory Discovery (T1083). The CVE ranks in the top 0.1% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

SimpleHelp remote support software versions 5.5.7 and earlier contain multiple path traversal vulnerabilities tracked as CVE-2024-57727. The flaws, assigned CWE-22, allow unauthenticated remote attackers to retrieve arbitrary files from the server by submitting specially crafted HTTP requests. Affected files include configuration data that stores secrets and hashed user passwords. The issue carries a CVSS 3.1 score of 7.5 with network attack vector, low complexity, and no required authentication or user interaction.

An attacker with network access to a SimpleHelp instance can directly exploit the path traversal conditions to exfiltrate sensitive server files. Successful exploitation yields configuration contents that may contain credentials or other material useful for further compromise of the host or connected systems.

Vendor guidance, research disclosures, and the CISA Known Exploited Vulnerabilities catalog address the issue, with the latter confirming observed exploitation in the wild. The associated EPSS score currently stands at 0.9405 with a recorded peak of 0.9413, indicating sustained and substantial exploitation interest following public disclosure.


Vulnerability details

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.

CWE(s): CWE-22 (Path Traversal)
KEV Date Added: 13 February 2025

Related Threats

MITRE ATT&CK Enterprise Techniques

T1083 File and Directory Discovery (tactic: Discovery)
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1552.001 Credentials In Files (tactic: Credential Access)
Adversaries may search local file systems and remote file shares for files containing insecurely stored credentials.

Why these techniques?

Unauthenticated path traversal is exploitation of a public-facing application (T1190) that yields arbitrary file reads; those reads enable file and directory discovery (T1083) and the collection of unsecured credentials from configuration files holding hashed passwords and secrets (T1552.001).

CVEs Like This One

CVE-2024-57728: same product (Simple-Help Simplehelp); both on KEV
CVE-2024-57726: same product (Simple-Help Simplehelp); both on KEV
CVE-2025-8110: shared CWE-22; both on KEV
CVE-2021-27065: shared CWE-22; both on KEV
CVE-2021-40444: shared CWE-22; both on KEV
CVE-2025-2749: shared CWE-22; both on KEV
CVE-2026-6381: shared CWE-22
CVE-2020-37015: shared CWE-22
CVE-2026-22199: shared CWE-22
CVE-2020-37088: shared CWE-22

Affected Assets

simple-help simplehelp, versions ≤ 5.5.8

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)
Directly remediates the path traversal flaws in SimpleHelp versions 5.5.7 and earlier by requiring timely patching to prevent arbitrary file downloads.

SI-10 Information Input Validation (prevent)
Validates untrusted HTTP request inputs such as file paths to block path traversal attempts by unauthenticated attackers.

SC-7 Boundary Protection (prevent)
Monitors and controls communications at external boundaries to block crafted HTTP requests exploiting the unauthenticated path traversal vulnerability.
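One way to implement the input-validation control (SI-10) described above, as an added example that is neither this page's nor SimpleHelp's own code: the naive join-and-serve pattern that CWE-22 describes, beside a hardened resolver that decodes the request path once, canonicalises it, and rejects anything that lands outside the document root. The base directory and request strings are constructed for illustration and do not reflect SimpleHelp's actual endpoints.

```python
import os
from urllib.parse import unquote

# Constructed stand-in for a web server's static document root (assumption).
BASE_DIR = os.path.realpath("/srv/support/public")


def resolve_unsafe(base_dir, requested):
    """Vulnerable pattern (CWE-22): the request path is joined onto the base
    directory and normalised, but never checked against the root, so '../'
    segments walk straight out of it."""
    return os.path.normpath(os.path.join(base_dir, requested))


def resolve_safe(base_dir, requested):
    """Hardened resolution. Returns the canonical absolute path when it lies
    inside base_dir, or None when the request must be rejected.

    - decodes percent-encoding once, so encoded dot segments are checked in
      their decoded form (the form the filesystem would see)
    - rejects NUL bytes and absolute paths outright
    - treats backslashes as separators in case of mixed separator styles
    - compares realpath() results so symlinks cannot escape the root
    """
    decoded = unquote(requested)
    if "\x00" in decoded or decoded.startswith(("/", "\\")):
        return None
    decoded = decoded.replace("\\", "/")
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, decoded))
    if candidate != root and not candidate.startswith(root + os.sep):
        return None
    return candidate


def escapes_root(base_dir, requested):
    """True when the naive join resolves outside base_dir, i.e. the request
    would have been served by the vulnerable pattern. Useful for unit tests
    and for flagging traversal attempts in request logs."""
    root = os.path.realpath(base_dir)
    naive = resolve_unsafe(root, requested)
    return naive != root and not naive.startswith(root + os.sep)
```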
