CISA Releases Cybersecurity Advisory on SimpleHelp RMM Vulnerability
Today, CISA released Cybersecurity Advisory: Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider.
This advisory is in response to ransomware actors targeting customers of a utility billing software provider through unpatched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM).
This incident is part of a broader trend of ransomware actors exploiting unpatched versions of SimpleHelp RMM since January 2025.
SimpleHelp versions 5.5.7 and earlier contain multiple vulnerabilities, including CVE-2024-57727, a path traversal vulnerability. Ransomware actors likely exploited CVE-2024-57727 to access downstream customers’ unpatched SimpleHelp RMM, resulting in service disruptions and double extortion incidents.
CISA added CVE-2024-57727 to its Known Exploited Vulnerabilities Catalog on February 13, 2025.
Organizations using SimpleHelp RMM should:
- Search for evidence of compromise,
- Apply the mitigations outlined in the advisory such as patching CVE-2024-57727 and/or implementing appropriate workarounds to prevent or respond to confirmed or potential compromises, and
- Follow CISA’s Known Exploited Vulnerabilities Catalog.