CVE-2024-57727
Today, CISA released Cybersecurity Advisory: Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider. This advisory is in response to ransomware actors targeting customers of a utility billing software provider through unpatched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM). This incident is part of a broader trend of ransomware actors exploiting unpatched versions of SimpleHelp RMM since January 2025. SimpleHelp versions 5.5.7 and earlier contain multiple vulnerabilities, including CVE-2024-57727, a path traversal vulnerability. Ransomware actors likely exploited CVE-2024-57727 to access downstream customers’ unpatched SimpleHelp RMM, resulting in service disruptions and double extortion incidents. CISA added CVE-2024-57727 to its Known Exploited Vulnerabilities Catalog on February 13, 2025. Organizations using SimpleHelp RMM should: Search for evidence of compromise, Apply the mitigations outlined in the advisory such as patching CVE-2024-57727 and/or implementing appropriate workarounds to prevent or respond to confirmed or potential compromises, and Follow CISA’s Known Exploited Vulnerabilities Catalog.
EPSS 94.05% · 99.9th percentile
Risk Scores
Timeline
- Jan 15, 2025 CVE Published
- Jan 15, 2025 PoC Published
- Jan 15, 2025 PoC Published
- Jan 15, 2025 PoC Published
- Jan 16, 2025 EPSS Score
- Jan 17, 2025 PoC Published
- Jan 19, 2025 PoC Published
- Jan 21, 2025 PoC Published
- Jan 21, 2025 PoC Published
- Jan 26, 2025 PoC Published
- Jan 27, 2025 PoC Published
- Jan 27, 2025 PoC Published
References
- https://www.cisa.gov/news-events/alerts/2025/06/12/cisa-releases-cybersecurity-advisory-simplehelp-rmm-vulnerability advisory
- https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-163a advisory
- https://www.cve.org/CVERecord?id=CVE-2024-57727 technical
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog advisory