
78 matches found

CVE
added 2025/07/25 4:37 p.m. · 25 views

CVE-2025-36727

CVE-2025-36727 — SimpleHelp is affected in versions before 5.5.12 due to the inclusion of functionality from an untrusted control sphere. The issue enables remote code execution and authentication bypass, allowing an attacker to execute arbitrary commands on a vulnerable system. Reported details ...

CVSS 8.8 · AI score 6.4 · EPSS 0.00284
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2025/07/25 12:0 a.m. · 4 views

PT-2025-30898 · Unknown · Simplehelp

Name of the Vulnerable Software and Affected Versions: Simplehelp versions prior to 5.5.12. Description: The software contains an inclusion of functionality from an untrusted control sphere issue. Recommendations: Update Simplehelp to version 5.5.12 or later...

CVSS 8.3 · AI score 6.4 · EPSS 0.00284
Exploits: 0 · References: 4

CNNVD
added 2025/07/25 12:0 a.m. · 1 views

Simplehelp Security Vulnerability

SimpleHelp is a remote support software from SimpleHelp, Inc. A security vulnerability exists in Simplehelp versions prior to 5.5.11 that stems from vulnerability to cross-site request forgery attacks...

CVSS 8.8 · AI score 9.2 · EPSS 0.00089
Exploits: 0 · References: 3

Tenable Nessus
added 2025/07/25 12:0 a.m. · 2 views

SimpleHelp < 5.5.11 XSRF

The version of SimpleHelp running on the remote web server is prior to 5.5.11. It is, therefore, affected by a cross-site request forgery (XSRF) vulnerability. Note that this vulnerability can be used in conjunction with CVE-2025-36727 to fully compromise a target. Note that Nessus has not tested f...

CVSS 8.8 · AI score 8.4 · EPSS 0.00284
Exploits: 0 · References: 3

CNNVD
added 2025/07/25 12:0 a.m. · 1 views

Simplehelp Security Vulnerability

SimpleHelp is a remote support software from SimpleHelp, Inc. A security vulnerability exists in Simplehelp versions prior to 5.5.12 that stems from the inclusion of functionality from an untrusted span of control...

CVSS 8.8 · AI score 9.1 · EPSS 0.00284
Exploits: 0 · References: 3

Tenable Nessus
added 2025/07/25 12:0 a.m. · 2 views

SimpleHelp < 5.5.12 RCE

The version of SimpleHelp running on the remote web server is prior to 5.5.12. It is, therefore, affected by a remote code execution vulnerability due to the inclusion of functionality from an untrusted control sphere. An attacker can use this to bypass authentication and execute arbitrary...

CVSS 8.8 · AI score 9.2 · EPSS 0.00284
Exploits: 0 · References: 3

Positive Technologies
added 2025/07/25 12:0 a.m. · 2 views

PT-2025-30899 · Unknown · Simplehelp

Name of the Vulnerable Software and Affected Versions: Simplehelp versions prior to 5.5.11. Description: The software contains a Cross-Site Request Forgery (CSRF) flaw. Recommendations: Update Simplehelp to version 5.5.11 or later...

CVSS 8.8 · AI score 6.6 · EPSS 0.00089
Exploits: 0 · References: 3

The Hacker News
added 2025/06/13 11:2 a.m. · 18 views

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday disclosed that ransomware actors are targeting unpatched SimpleHelp Remote Monitoring and Management (RMM) instances to compromise customers of an unnamed utility billing software provider. "This incident reflects a broader...

CVSS 9.9 · AI score 9.5 · EPSS 0.94049
Exploits: 2

The Hacker News
added 2025/05/29 10:34 a.m. · 19 views

DragonForce Exploits SimpleHelp Flaws to Deploy Ransomware Across Customer Endpoints

The threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider's (MSP) SimpleHelp remote monitoring and management (RMM) tool, and then leveraged it to exfiltrate data and drop the locker on multiple endpoints. It's believed that the attackers exploited a tri...

CVSS 9.9 · AI score 7.4 · EPSS 0.94049
Exploits: 2

RedhatCVE
added 2025/05/23 7:28 a.m. · 10 views

CVE-2024-57727

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing...

CVSS 9.1 · AI score 7.7 · EPSS 0.94049
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/23 7:5 a.m. · 5 views

CVE-2024-57728

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user...

CVSS 7.2 · AI score 7.9 · EPSS 0.54072
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 7:5 a.m. · 5 views

CVE-2024-57726

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role...

CVSS 9.9 · AI score 7.4 · EPSS 0.3883
Exploits: 0 · References: 1

VulnCheck KEV
added 2025/04/17 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2024-57726

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role...

CVSS 9.9 · AI score 7.3 · EPSS 0.3883
Exploits: 0 · References: 1

VulnCheck KEV
added 2025/04/17 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2024-57728

SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user...

CVSS 7.2 · AI score 7.6 · EPSS 0.54072
Exploits: 0 · References: 1

Tenable Nessus
added 2025/03/21 12:0 a.m. · 13 views

Security Updates for SimpleHelp < 5.5.8

The version of SimpleHelp running on the remote web server is prior to 5.3.9, or 5.4.x prior to 5.4.10 or 5.5.x prior to 5.5.8. It is, therefore, affected by multiple vulnerabilities: - Allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to...

CVSS 9.9 · AI score 7.8 · EPSS 0.94049
Exploits: 2 · References: 4

Tenable Nessus
added 2025/03/21 12:0 a.m. · 3 views

SimpleHelp Detection

Binary data simplehelpwebuidetect.nbin...

AI score 7.3
Exploits: 0 · References: 1

Tenable Nessus
added 2025/03/12 12:0 a.m. · 3 views

SimpleHelp Unauthenticated Path Traversal

SimpleHelp versions 5.5.x < 5.5.8, 5.4.x < 5.4.10 and 5.3.x < 5.3.9 suffer from an unauthenticated path traversal vulnerability. By crafting a specific URL, a remote and unauthenticated attacker can access sensitive files such as 'serverconfig.xml' which contains at least the SimpleHelpAdmin user hashed...

CVSS 9.1 · AI score 7.4 · EPSS 0.94049
Exploits: 2 · References: 4

Tenable Nessus
added 2025/03/12 12:0 a.m. · 2 views

SimpleHelp Detected

This is an informational notice that the scanner was able to detect a SimpleHelp instance on the target server. Note that this detection is included in the Remote Access Tools category. No source data...

AI score 7.2
Exploits: 0 · References: 1

Metasploit
added 2025/02/25 6:53 p.m. · 543 views

SimpleHelp Path Traversal Vulnerability CVE-2024-57727

There exists a path traversal vulnerability in the /toolbox-resource endpoint that enables unauthenticated remote attackers to download arbitrary files from the SimpleHelp server via crafted HTTP requests. Module Options: msf use auxiliary/scanner/http/simplehelptoolboxpathtraversal msf...

CVSS 9.1 · AI score 7.5 · EPSS 0.94049
Exploits: 2

Positive Technologies
added 2025/02/14 12:0 a.m. · 3 views

PT-2025-7246 · Unknown · Simplehelp

Name of the Vulnerable Software and Affected Versions: SimpleHelp (affected versions not specified). Description: A vulnerability has been identified in SimpleHelp. CISA has added this issue to the KEV Catalog. Recommendations: At the moment, there is no information about a newer version that contai...

CVSS 7.5 · AI score 6.9 · EPSS 0.00001
Exploits: 0 · References: 7