CVE-2025-36727
BaseFortify
Publication date: 2025-07-25
Last updated on: 2025-08-26
Assigner: Tenable Network Security, Inc.
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| simple-help | simplehelp | before 5.5.12 (5.5.12 itself not affected) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-829 | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-36727 is a vulnerability in SimpleHelp before version 5.5.12 where functionality from an untrusted control sphere can be included, allowing an attacker to induce a client to execute arbitrary code remotely. This vulnerability, combined with CVE-2025-36728 (a CSRF vulnerability), enables a complete remote compromise of affected systems by unauthenticated attackers. [1]
How can this vulnerability impact me?
This vulnerability can lead to a complete remote compromise of systems running vulnerable versions of SimpleHelp. An attacker can remotely execute arbitrary code without authentication, potentially gaining full control over the affected machines, leading to severe confidentiality, integrity, and availability impacts. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade SimpleHelp to version 5.5.12 or later, which addresses CVE-2025-36727 and CVE-2025-36728. This update fixes the vulnerabilities that allow remote code execution and CSRF attacks, preventing full remote compromise of affected systems. [1]