CVE-2024-57728
Published: 15 January 2025
Description
Adversaries may upload malware to third-party or adversary controlled infrastructure to make it accessible during targeting.
Security Summary
CVE-2024-57728 affects SimpleHelp remote support software versions 5.5.7 and earlier. The vulnerability is a zip slip flaw (CWE-59, CWE-22) that allows authenticated admin users to upload crafted zip files, enabling arbitrary file writes anywhere on the file system. This can lead to arbitrary code execution on the host in the context of the SimpleHelp server user. Published on 2025-01-15, it carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H).
An attacker with admin privileges can exploit this over the network with low complexity and no user interaction required. By uploading a malicious zip file, they achieve remote code execution as the server process user, potentially compromising the host through file overwrites in critical paths like executables or configuration files.
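A pre-extraction check for the two weaknesses named above (CWE-22 path traversal and CWE-59 link following), as an added example that is not SimpleHelp's code or the vendor's fix. The names `audit_zip`, `safe_extract` and `build_sample` are hypothetical, Python's `zipfile` stands in for the server's archive handling, and the sample archive is constructed in memory.

```python
import io
import posixpath
import stat
import zipfile


def audit_zip(data: bytes) -> list:
    """Return (entry name, reason) for each entry that is unsafe to extract."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Treat backslashes as separators so Windows-style names are caught too.
            name = info.filename.replace("\\", "/")
            unix_mode = info.external_attr >> 16  # high 16 bits hold the Unix mode
            if name.startswith("/") or name[1:2] == ":":
                findings.append((info.filename, "absolute path"))
            elif posixpath.normpath(name).split("/")[0] == "..":
                findings.append((info.filename, "escapes extraction root"))  # CWE-22
            elif stat.S_ISLNK(unix_mode):
                findings.append((info.filename, "symbolic link entry"))  # CWE-59
    return findings


def safe_extract(data: bytes, dest: str) -> list:
    """Extract only if the whole archive is clean; otherwise write nothing."""
    findings = audit_zip(data)
    if findings:
        raise ValueError(f"refusing archive: {findings}")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        zf.extractall(dest)
        return zf.namelist()


def build_sample(unsafe: bool) -> bytes:
    """Constructed test archive (in memory only), not a captured sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config/settings.txt", "ok")
        if unsafe:
            zf.writestr("../../outside.txt", "x")
            zf.writestr("..\\outside2.txt", "x")
            link = zipfile.ZipInfo("config/link")
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(link, "/tmp/elsewhere")
    return buf.getvalue()
```

Rejecting the whole archive on the first finding, rather than skipping the offending entry, keeps a partially extracted upload from ever reaching disk.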
Advisories reference mitigations including a vendor knowledge base article on vulnerabilities in SimpleHelp 5.5.7 and earlier (simple-help.com), a Horizon3.ai disclosure on critical issues, and CISA's Known Exploited Vulnerabilities catalog entry.
The vulnerability is listed in CISA's KEV catalog, signaling real-world exploitation. References link it to ransomware activity, including Storm-1175 operations targeting web-facing assets in Medusa ransomware campaigns (Microsoft) and DragonForce ransomware (Trend Micro).
Details
- CWE(s)
- KEV Date Added: 24 April 2026
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The zip slip vulnerability enables authenticated admins to upload crafted ZIP files for arbitrary file writes anywhere on the filesystem, leading to RCE in the server context. This facilitates exploitation of public-facing applications/remote services (T1190/T1210), abuse of server software components (T1505), web shell deployment (T1100), and malware upload (T1608.001).