CISA has added CVE-2024-57728, the SimpleHelp Path Traversal Vulnerability, to its Known Exploited Vulnerabilities (KEV) catalogue. The flaw affects the SimpleHelp remote support software. An authenticated administrator can upload a specially crafted ZIP archive whose entry names carry path‑traversal sequences (a "zip slip" condition), causing the server to write attacker‑controlled files anywhere the service account can write on the host filesystem, which can lead to remote code execution.
The root cause is that SimpleHelp's file‑upload handling extracts archive entries without checking where the resulting paths land. An entry named with directory‑traversal sequences (e.g., ../../) is joined onto the extraction directory and written wherever the resolved path points, outside the intended directory. By placing a web shell, a script or a binary somewhere the server or the operating system later executes, an attacker turns the arbitrary file write into code execution with the privileges of the SimpleHelp service account. The precondition is an administrator login, so exposure is greatest where admin credentials are weak, reused or already compromised.
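The following is an added illustration of the zip‑slip pattern described above, written for this page in Python; it is not SimpleHelp's code and makes no claim about how SimpleHelp's extractor is structured. It constructs a sample archive with a traversal entry (constructed data, not a real upload), shows a naive extractor writing outside its root, and contrasts it with a hardened extractor that resolves every entry path and refuses the whole archive before writing anything. The temporary directory layout and member names are assumptions for the demonstration.

```python
import io
import os
import tempfile
import zipfile


def build_zip(members: dict[str, bytes]) -> bytes:
    """Build an in-memory archive from {member_name: content}. A name containing
    '../' is stored verbatim, which is exactly what a zip-slip payload relies on.
    (Constructed sample data for this example, not a real SimpleHelp upload.)"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def _write_member(zf: zipfile.ZipFile, info: zipfile.ZipInfo, target: str) -> bool:
    """Materialise one entry at target; returns True if a file was written."""
    if info.is_dir():
        os.makedirs(target, exist_ok=True)
        return False
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as fh:
        fh.write(zf.read(info))
    return True


def extract_naive(archive: bytes, dest: str) -> list[str]:
    """VULNERABLE extractor (the pattern behind zip slip): joins the member name
    onto dest and writes there without checking where the path resolves."""
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)
            if _write_member(zf, info, target):
                written.append(os.path.realpath(target))
    return written


class ZipSlipError(ValueError):
    """Raised when an archive member would land outside the extraction root."""


def safe_target(root: str, member: str) -> str:
    """Resolve member beneath root (root must already be a realpath) or raise.
    Absolute names and drive letters are rejected outright; everything else is
    canonicalised and must still have root as its common prefix."""
    if os.path.isabs(member) or os.path.splitdrive(member)[0]:
        raise ZipSlipError(f"absolute member name: {member!r}")
    target = os.path.realpath(os.path.join(root, member))
    if os.path.commonpath([root, target]) != root:
        raise ZipSlipError(f"member escapes extraction root: {member!r}")
    return target


def find_unsafe_members(dest: str, archive: bytes) -> list[str]:
    """Names of members that safe_target rejects, in archive order."""
    root = os.path.realpath(dest)
    bad = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            try:
                safe_target(root, info.filename)
            except ZipSlipError:
                bad.append(info.filename)
    return bad


def extract_safe(archive: bytes, dest: str) -> list[str]:
    """HARDENED extractor: validates every member before writing a single byte,
    so a malicious archive leaves no partial extraction behind."""
    bad = find_unsafe_members(dest, archive)
    if bad:
        raise ZipSlipError(f"refusing archive, unsafe members: {bad}")
    root = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = safe_target(root, info.filename)
            if _write_member(zf, info, target):
                written.append(target)
    return written


# Constructed archives: one carrying a traversal entry, one benign.
MALICIOUS = {"report.txt": b"harmless content\n",
             "../../dropped.txt": b"attacker-controlled content\n"}
BENIGN = {"report.txt": b"ok\n", "sub/nested.txt": b"ok\n"}


def demo() -> dict:
    """Run both extractors on the constructed archives inside throwaway
    directories and report what each one did."""
    results = {}
    malicious, benign = build_zip(MALICIOUS), build_zip(BENIGN)
    with tempfile.TemporaryDirectory() as tmp:
        # Extraction root two levels down so '../../' lands in tmp, not in /.
        dest = os.path.join(tmp, "uploads", "unpacked")
        os.makedirs(dest)
        extract_naive(malicious, dest)
        results["naive_wrote_outside_root"] = os.path.exists(os.path.join(tmp, "dropped.txt"))
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "uploads", "unpacked")
        os.makedirs(dest)
        try:
            extract_safe(malicious, dest)
            results["safe_refused"] = False
        except ZipSlipError:
            results["safe_refused"] = True
        results["safe_wrote_outside_root"] = os.path.exists(os.path.join(tmp, "dropped.txt"))
        results["safe_partial_files"] = os.listdir(dest)  # expect nothing written
        results["safe_benign_files"] = sorted(os.path.basename(p) for p in extract_safe(benign, dest))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check in safe_target is the important part: canonicalise the joined path and compare it against the canonicalised root, rather than string-matching for "..", which misses encoded or mixed-separator variants. Validating the whole archive before extracting avoids a half-written state if a bad entry appears late. Note that this covers traversal through entry names only; an extractor that honours symbolic-link entries needs an additional rule (refuse them, or create them only after checking their targets the same way).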
The CVSS base score for this issue is 7.2 (High); the score is held below Critical by the requirement for administrator privileges, not by any limit on impact, which is full control of files on the host. SimpleHelp has released a patch that removes the unsafe extraction logic.
CISA has confirmed that this vulnerability is being actively exploited in the wild. No public attribution ties the flaw to ransomware use at this time. Because the vulnerability is listed in the KEV catalogue, Federal Civilian Executive Branch (FCEB) agencies must complete the required remediation by 8 May 2026. That deadline binds FCEB agencies only; confirmed exploitation is reason enough for every operator of SimpleHelp to treat patching as urgent.
CISA directs FCEB agencies to apply mitigations per vendor instructions, follow applicable BOD 22‑01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. All organisations should inventory their SimpleHelp deployments, confirm the installed server version against the vendor's fixed releases and install the patch, or implement equivalent controls where patching is delayed. Since exploitation requires an administrator login, it is also worth reviewing who holds admin accounts, enforcing strong credentials on them, and checking the server host for unexpected files that would indicate an upload has already been abused.
For full details, refer to the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2024-57728 and the CISA KEV catalogue.