
CVE-2024-57728: SimpleHelp v5.5.7 Zip Slip Vulnerability

Source: CISA Known Exploited Vulnerabilities (KEV)

Summary

CISA added CVE-2024-57728 to its Known Exploited Vulnerabilities catalog. The CVE describes a zip slip vulnerability in SimpleHelp remote support software v5.5.7 and before that allows admin users to upload arbitrary files anywhere on the filesystem via a crafted zip file, enabling arbitrary code execution in the context of the SimpleHelp server user. The vulnerability carries a CVSS 3.1 score of 7.2 (HIGH) and is classified under CWE-22 (Path Traversal). Organizations running SimpleHelp v5.5.7 or earlier versions should immediately assess their exposure and apply patches.

“SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip).”

CISA, verbatim from source
Why this matters

CISA's KEV designation confirms active exploitation in the wild, not theoretical risk — this elevates patching urgency above routine vulnerability management. Organizations running SimpleHelp servers should treat any unpatched v5.5.7 installation as potentially compromised and initiate incident response procedures alongside the patch deployment. Federal agencies are subject to binding remediation timelines under BOD 22-01 and should track compliance accordingly.

AI-drafted from the source document, validated against GovPing's analyst note standards. For the primary regulatory language, read the source document.
Published by CISA on cve.org. Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards.

About this source

GovPing monitors CISA Known Exploited Vulnerabilities (KEV) for new data privacy & cybersecurity regulatory changes. Every update since tracking began is archived, classified, and available as free RSS or email alerts — 41 changes logged to date.

What changed

CISA added CVE-2024-57728 to its Known Exploited Vulnerabilities catalog, formally recognizing a zip slip vulnerability in SimpleHelp remote support software v5.5.7 and earlier as a known exploited vulnerability. The vulnerability stems from improper limitation of a pathname to a restricted directory (CWE-22: Path Traversal): the server extracts admin-uploaded zip archives without confining entry names to the intended directory, so an entry whose name contains parent-directory components is written to an arbitrary filesystem location, which leads to arbitrary code execution as the SimpleHelp server user. The SSVC assessment indicates active exploitation and total technical impact.

Organizations using SimpleHelp remote support software face immediate remediation obligations. Federal agencies must remediate under CISA Binding Operational Directive timelines. All affected entities should apply the vendor security update referenced in the CVE, audit for signs of exploitation, and enforce strict controls on admin-level file upload functionality pending patch deployment.
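The root cause named above (CWE-22 in an archive extractor) is easiest to understand from the defensive side. The following is an added example, not SimpleHelp's code and not derived from the vendor's fix: a small Python extractor that resolves every archive entry to its final on-disk path and refuses the whole archive if any entry would land outside the extraction root. The archive contents, the `support/notes.txt` entry and the escaping `../../escaped.txt` entry, are constructed inline for the demonstration. Python's own `ZipFile.extractall` already strips parent-directory components, but hand-written extractors (in any language) that build paths from entry names need exactly this check.

```python
import io
import os
import tempfile
import zipfile
from typing import Dict, List, Tuple


class ZipSlipError(ValueError):
    """Raised when an archive entry would be written outside the destination directory."""


def resolve_entry_target(dest_root: str, entry_name: str) -> str:
    """Return the absolute path an archive entry would be written to, or raise ZipSlipError.

    Rejects empty and absolute names, drive-qualified names, and any name whose
    normalised form (after '..' collapsing and symlink resolution of existing
    components) does not stay under dest_root.
    """
    root = os.path.realpath(dest_root)
    # The ZIP spec mandates '/' as separator, but be tolerant of backslashes.
    name = entry_name.replace("\\", "/")
    if not name:
        raise ZipSlipError("empty entry name rejected")
    if name.startswith("/") or os.path.splitdrive(name)[0]:
        raise ZipSlipError(f"absolute entry name rejected: {entry_name!r}")
    target = os.path.realpath(os.path.join(root, name))
    # commonpath, not startswith: '/srv/extract2' must not pass for root '/srv/extract'.
    if os.path.commonpath([root, target]) != root:
        raise ZipSlipError(f"entry escapes destination: {entry_name!r}")
    return target


def safe_extract(archive_bytes: bytes, dest_root: str) -> List[str]:
    """Extract an in-memory ZIP into dest_root; refuse the whole archive on any bad entry.

    Every entry is validated before anything is written, so a malicious archive
    cannot leave a half-extracted tree behind. Returns the paths written.
    """
    written: List[str] = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        plan: List[Tuple[zipfile.ZipInfo, str]] = [
            (info, resolve_entry_target(dest_root, info.filename)) for info in zf.infolist()
        ]
        for info, target in plan:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            # Entries are always written as regular files (never as symlinks), so a
            # later entry cannot be redirected through a link created by an earlier one.
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def build_demo_archive(with_traversal: bool) -> bytes:
    """Constructed sample archive: one benign entry and, optionally, one escaping entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("support/notes.txt", "benign content\n")
        if with_traversal:
            # Name climbs two levels above the extraction directory (the zip slip pattern).
            zf.writestr("../../escaped.txt", "must never be written\n")
    return buf.getvalue()


def run_demo() -> Dict[str, object]:
    """Extract both constructed archives under a temporary root and report the outcome."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "uploads", "extract")
        os.makedirs(dest)
        result: Dict[str, object] = {}
        result["benign_written"] = [
            os.path.relpath(p, dest) for p in safe_extract(build_demo_archive(False), dest)
        ]
        try:
            safe_extract(build_demo_archive(True), dest)
            result["traversal_rejected"] = False
        except ZipSlipError as exc:
            result["traversal_rejected"] = True
            result["reason"] = str(exc)
        # '../../escaped.txt' relative to <tmp>/uploads/extract would be <tmp>/escaped.txt.
        result["escaped_exists"] = os.path.exists(os.path.join(tmp, "escaped.txt"))
        return result


if __name__ == "__main__":
    print(run_demo())
```

The check is done on the resolved path rather than by scanning the entry name for `..`, because the name can encode the same escape in several forms (`a/../../x`, mixed separators, or an absolute path); resolving and then comparing against the root with `os.path.commonpath` covers all of them with one rule. Validating the whole archive before writing is what turns the check into a rejection of the upload, which is the behaviour an admin-facing upload endpoint should have.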

What to do next

  1. Patch SimpleHelp v5.5.7 or earlier to the latest available version
  2. Review SimpleHelp server installations for indicators of compromise
  3. Apply vendor-provided security update per https://simple-help.com/kb---security-vulnerabilities-01-2025

Archived snapshot

Apr 25, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Required CVE Record Information

CNA: MITRE Corporation

Updated:

2025-01-15

Description

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.

Product Status

Information not provided

References 2 Total

Authorized Data Publishers


CISA-ADP

SSVC and KEV, plus CVSS and CWE if not provided by the CNA.

SSVC 1 Total

| Exploitation | Automatable | Technical Impact | Version | Date Accessed |
| --- | --- | --- | --- | --- |
| active | no | total | 2.0.3 | 2026-04-24 |

KEV 1 Total

- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57728 (2026-04-24)

CWE 1 Total

- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS 1 Total

| Score | Severity | Version | Vector String |
| --- | --- | --- | --- |
| 7.2 | HIGH | 3.1 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |


About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from CISA.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Classification

- Agency: CISA
- Published: January 15th, 2025
- Instrument: Notice
- Branch: Executive
- Legal weight: Non-binding
- Stage: Final
- Change scope: Substantive

Who this affects

- Applies to: Technology companies, Government agencies, Healthcare providers
- Industry sector: 5112 Software & Technology
- Activity scope: Vulnerability remediation, Patch management, Server security
- Geographic scope: United States (US)

Taxonomy

- Primary area: Cybersecurity
- Operational domain: IT Security
- Compliance frameworks: NIST CSF
- Topics: Data Privacy, Intellectual Property