Inclusion of Functionality from Untrusted Control Sphere Vulnerability in Simplehelp Software
CVE-2025-36727

8.3HIGH

Key Information:

Vendor: Simplehelp
Status: Simplehelp
Vendor: CVE Published:; 25 July 2025

What is CVE-2025-36727?

The Simplehelp software exhibits a serious vulnerability known as the inclusion of functionality from an untrusted control sphere, which can lead to unauthorized access and manipulation of system functions. This vulnerability affects versions prior to 5.5.12, potentially allowing attackers to exploit the software functionalities in unintended ways, compromising system integrity and user data security.

Affected Version(s)

Simplehelp 0 < 5.5.12

References

https://www.tenable.com/security/research/tra-2025-24

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 25, 2025
Vulnerability Reserved
Apr 15, 2025