{"cve":{"cve_id":"CVE-2024-57727","is_kev":true,"kev_date_added":"2025-02-13","kev_vendor_project":"SimpleHelp ","kev_product":"SimpleHelp","kev_vulnerability_name":"SimpleHelp Path Traversal Vulnerability","kev_short_description":"SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords.","kev_required_action":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","kev_due_date":"2025-03-06","kev_known_ransomware":true,"kev_notes":"https://simple-help.com/kb---security-vulnerabilities-01-2025 ; Additional CISA Mitigation Instructions: https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-163a ; https://nvd.nist.gov/vuln/detail/CVE-2024-57727","kev_cwes":["CWE-22"],"epss_score":0.95067,"epss_percentile":0.99851,"epss_as_of":"2026-06-23","description":"SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.","published_at":"2025-01-15T00:00:00Z","last_modified_at":null,"cvss_v3_score":9.1,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","cvss_v3_severity":"CRITICAL","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"active","ssvc_automatable":true,"ssvc_technical_impact":"total","cwes":["CWE-22"],"nvd_references":["https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/","https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:31.350578Z","updated_at":"2026-06-29T02:18:43.743904Z"},"effective_severity":"CRITICAL","badges":["kev","ransomware","poc","epss"],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[],"exploit_refs":[{"source":"nuclei","kind":"nuclei","url":"https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-57727.yaml","title":"SimpleHelp <= 5.5.7 - Unauthenticated Path Traversal","author":"iamnoooob,rootxharsh,pdresearch,3th1cyuk1","disclosed_at":null}],"news":[],"references":[{"url":"https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/","source_type":"MISC","tags":[]},{"url":"https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2025-01-15T00:00:00Z","label":"CVE published","source":null},{"type":"cisa_reported","at":"2025-02-13T00:00:00Z","label":"Added to CISA KEV catalog","source":"kev"},{"type":"poc_available","at":"2026-06-24T00:29:48.638073Z","label":"Public PoC available","source":"nuclei"},{"type":"cvss_changed","at":"2026-06-28T17:39:39.499577Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:39:39.499577Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:39:39.499577Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T02:18:43.743904Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T02:18:43.743904Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T02:18:43.743904Z","label":"SSVC decision revised","source":"vulnrichment"}]}