CVE-2024-57728
Published: 15 January 2025
Summary
CVE-2024-57728 is a high-severity Link Following (CWE-59) vulnerability in Simple-Help Simplehelp. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Web Shell (T1505.003). The CVE ranks in the top 1.9% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
SimpleHelp remote support software versions 5.5.7 and earlier contain a zip-slip vulnerability that permits authenticated administrators to upload a specially crafted archive and write arbitrary files to any location on the underlying file system. The flaw is tracked as CVE-2024-57728, carries a CVSS 3.1 score of 7.2, and maps to CWE-59 and CWE-22 path-traversal weaknesses; successful exploitation grants the attacker the ability to place executable content that runs in the context of the SimpleHelp server process.
An administrator account is sufficient to trigger the issue over the network. By supplying a malicious zip during the normal file-upload workflow, an attacker can overwrite binaries, scripts, or configuration files used by the SimpleHelp service, ultimately achieving remote code execution on the host without further user interaction.
Vendor guidance published in January 2025 directs administrators to apply the fixes released in SimpleHelp 5.5.8 or later. The vulnerability appears in the CISA Known Exploited Vulnerabilities catalog, and reporting from Microsoft and Trend Micro links exploitation activity to ransomware operators including Storm-1175 and DragonForce campaigns, indicating active in-the-wild use after disclosure. The associated EPSS score has remained elevated, with a recorded peak of 0.5933.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-53726
Vulnerability details
SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
- CWE(s)
- KEV Date Added: 24 April 2026
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
The zip slip vulnerability enables authenticated admins to upload crafted ZIP files for arbitrary file writes anywhere on the filesystem, leading to RCE in the server context. This facilitates exploitation of public-facing applications/remote services (T1190/T1210), abuse of server software components (T1505), web shell deployment (T1100), and malware upload (T1608.001).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires identification, reporting, and correction of the zip slip vulnerability in SimpleHelp, preventing exploitation through timely flaw remediation.
Mandates validation of zip file inputs to block path traversal payloads that enable arbitrary file writes outside intended directories.
Enforces least privilege for the SimpleHelp server process, limiting the impact of arbitrary code execution even if file overwrites succeed.
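The zip input validation described above, as an added example that is not SimpleHelp's code or its patch: a pre-extraction check that refuses an archive if any entry is a symlink, an absolute path, or resolves outside the destination directory. The function names and sample archives are constructed for illustration, and POSIX paths are assumed.

```python
import io
import os
import stat
import tempfile
import zipfile


def unsafe_entries(zf: zipfile.ZipFile, dest_dir: str) -> list[tuple[str, str]]:
    """Return (entry name, reason) for every entry that must not be extracted."""
    root = os.path.realpath(dest_dir)
    findings = []
    for info in zf.infolist():
        name = info.filename.replace("\\", "/")  # treat Windows separators as separators
        mode = info.external_attr >> 16          # Unix mode bits, if the archiver set them
        target = os.path.realpath(os.path.join(root, name))
        if stat.S_ISLNK(mode):
            findings.append((info.filename, "symlink entry"))
        elif name.startswith("/") or (len(name) > 1 and name[1] == ":"):
            findings.append((info.filename, "absolute path"))
        elif os.path.commonpath([root, target]) != root:
            findings.append((info.filename, "resolves outside destination"))
    return findings


def safe_extract(zf: zipfile.ZipFile, dest_dir: str) -> None:
    """Extract only if every entry passes validation; otherwise refuse the whole archive."""
    findings = unsafe_entries(zf, dest_dir)
    if findings:
        raise ValueError(f"archive rejected: {findings}")
    zf.extractall(dest_dir)


def build_sample(names):
    """Constructed in-memory archive used only for this demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"sample")
    buf.seek(0)
    return zipfile.ZipFile(buf)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        good = build_sample(["toolbox/readme.txt"])
        bad = build_sample(["toolbox/readme.txt", "../../outside.txt"])
        print(unsafe_entries(good, d))  # no findings
        print(unsafe_entries(bad, d))   # traversal entry reported
```

Rejecting the whole archive, rather than skipping or rewriting the offending entry, also leaves a clear event to log and alert on.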