H3-2025-0001
SimpleHelp Path Traversal Vulnerability
| Field | Value |
| --- | --- |
| Category | VULNERABILITY |
| Base Score | 7.5 |
Description
The SimpleHelp server is susceptible to a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files from the SimpleHelp host.
Impact
Remote unauthenticated attackers can download sensitive SimpleHelp configuration files containing hashed passwords and reversible secrets. These secrets or cracked passwords could then be leveraged by an attacker to exploit additional vulnerabilities, resulting in compromise of the SimpleHelp host as well as client hosts managed by SimpleHelp.
References
- Horizon3.ai: Critical Vulnerabilities in SimpleHelp Remote Support Software
- SimpleHelp KnowledgeBase Article
- NVD: CVE-2024-57727
- CISA Adds One Known Exploited Vulnerability to Catalog
- Health-ISAC Threat Bulletin
- Curated Intelligence PSA
- Arctic Wolf Observes Campaign Exploiting SimpleHelp RMM Software for Initial Access
- Not-so-SimpleHelp exploits enabling deployment of Sliver backdoor
- Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware
- Metasploit: SimpleHelp Path Traversal Vulnerability CVE-2024-57727
- Nuclei: SimpleHelp <= 5.5.7 - Unauthenticated Path Traversal