CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Mar 6, 2025
Description
SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords.
EPSS — Exploit Probability
Higher than 99.8% of all CVEs
Required Action
https://simple-help.com/kb---security-vulnerabilities-01-2025 ; Additional CISA Mitigation Instructions: https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-163a ; https://nvd.nist.gov/vuln/detail/CVE-2024-57727
Risk Assessment
CRITICAL
Details
- Severity: High
- EPSS: 93.7%
- CISA KEV: Yes
- Ransomware: Known
- Articles: 0
Timeline
- Published: Feb 13, 2025
- Added to KEV: Feb 13, 2025
- Remediation Due: Mar 6, 2025