Privilege Escalation Vulnerability in SIMPLE.ERP Software by SIMPLE
CVE-2024-8774

7.7HIGH

Key Information:

Vendor

Simple Sa

Status
Simple.erp
Vendor
CVE Published:
24 March 2025

What is CVE-2024-8774?

The SIMPLE.ERP client has a vulnerability where superuser passwords are stored in a recoverable format. This flaw permits any authenticated SIMPLE.ERP user to escalate their privileges to that of a database administrator. Versions 6.20 and 6.25 of SIMPLE.ERP remain unpatched, while version 6.30 has a security update that mitigates this risk. It is crucial for users and organizations utilizing affected versions to update to 6.30 to safeguard against unauthorized access.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SIMPLE.ERP 6.20 < 6.30@a03.9

References

https://cert.pl/en/posts/2025/03/CVE-2024-8773/
third-party-advisory
https://cert.pl/posts/2025/03/CVE-2024-8773/
third-party-advisory
https://simple.com.pl/produkty/simple-erp/dla-kogo/
product

CVSS V4

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

dr inż. Marcin Ochab
JSON
.