CVE-2024-57728
HIGH | KEV | RANSOMWARE
SimpleHelp < 5.5.8 - Authenticated Path Traversal and Arbitrary File Write via Zip Slip
Title source: llm
Exploitation Summary
CVE-2024-57728 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 24, 2026, with confirmed use in ransomware campaigns.
Description
SimpleHelp remote support software v5.5.7 and earlier allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e., zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
References (5)
Core References
US Government Resource: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57728
Technical Description: https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/
Third Party Advisory: https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-dragonforce
Scores
CVSS v3: 7.2
EPSS: 0.5335
EPSS Percentile: 98.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2026-04-24
VulnCheck KEV: 2025-04-17
ENISA EUVD: EUVD-2024-53726
Ransomware Use: Confirmed
CWE: CWE-22, CWE-59
Status: published
Products (1)
simple-help/simplehelp: < 5.5.8
Published: Jan 15, 2025
KEV Added: Apr 24, 2026
Tracked Since: Feb 18, 2026