Security News > 2025 > January > Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks
2025-01-15 05:10
Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the "vulnerabilities are trivial to reverse and exploit." The list of identified flaws is as follows -
News URL
https://thehackernews.com/2025/01/critical-simplehelp-flaws-allow-file.html
Related news
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Active! Mail RCE flaw exploited in attacks on Japanese orgs (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- SAP fixes critical Netweaver flaw exploited in attacks (source)
- Craft CMS RCE exploit chain used in zero-day attacks to steal data (source)
- Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks (source)
- Critical Langflow RCE flaw exploited to hack AI app servers (source)