What is the CVSS score of CVE-2024-57727?

CVE-2024-57727 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 94.0%.

Which versions of Simplehelp are affected by CVE-2024-57727?

Organizations using SimpleHelp remote support software v5.5.7 and before face notable risk from CVE-2024-57727, a path traversal vulnerability rated CVSS 7.5.

Is CVE-2024-57727 being actively exploited?

Yes, CVE-2024-57727 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, confirming active in-the-wild exploitation. Immediate patching is required.

How to fix or mitigate CVE-2024-57727?

Within 24 hours: Identify all affected systems and apply vendor patches immediately. Review file handling controls and restrict upload directories.

Simplehelp CVE-2024-57727

HIGH

Path Traversal (CWE-22)

2025-01-15 cve@mitre.org

Path Traversal Simplehelp

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:03 vuln.today

Added to CISA KEV

Nov 04, 2025 - 16:37 cisa

CISA KEV

CVE Published

Jan 15, 2025 - 23:15 nvd

HIGH 7.5

DescriptionNVD

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.

AnalysisAI

SimpleHelp remote support software contains multiple path traversal vulnerabilities allowing unauthenticated remote attackers to download arbitrary files including server configuration and hashed passwords.

Technical ContextAI

The CWE-22 path traversal via /c/router endpoint with getImageByPath allows reading arbitrary files. Critical files include server configuration containing LDAP credentials, API keys, and password hashes for SimpleHelp accounts.

RemediationAI

Update SimpleHelp to 5.5.8+. Rotate all stored credentials. Audit remote support session logs for unauthorized access.

CVE-2024-57727 vulnerability details – vuln.today

Back

Simplehelp CVE-2024-57727

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code