The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, indicating that these flaws are being actively exploited in the wild. The affected products are SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers.
Details of the Vulnerabilities
The vulnerabilities listed are as follows:
CVE-2024-57726 (CVSS score: 9.9) – This is a missing authorization vulnerability in SimpleHelp that could enable low-privileged technicians to create API keys with excessive permissions, potentially allowing them to escalate their privileges to that of a server administrator.
CVE-2024-57728 (CVSS score: 7.2) – Another flaw in SimpleHelp, this path traversal vulnerability permits admin users to upload arbitrary files anywhere on the file system through a crafted zip file, which could lead to arbitrary code execution on the host.
CVE-2024-7399 (CVSS score: 8.8) – This path traversal vulnerability in Samsung MagicINFO 9 Server may allow an attacker to write arbitrary files with system authority.
CVE-2025-29635 (CVSS score: 7.5) – A command injection vulnerability found in the end-of-life D-Link DIR-823X series routers, which enables an authorized attacker to execute arbitrary commands on remote devices via a POST request.
Exploitation Context
While the KEV entries for the SimpleHelp vulnerabilities list their use in ransomware campaigns as “Unknown,” previous reports from Field Effect and Sophos indicated that these issues were exploited as precursors to ransomware attacks, notably linked to the DragonForce ransomware operation. Additionally, exploitation of CVE-2024-7399 has been associated with malicious activity involving the Mirai botnet.
For CVE-2025-29635, Akamai recently reported attempts to exploit D-Link devices to deliver a variant of the Mirai botnet named “tuxnokill.”
Recommended Actions for Federal Agencies
To mitigate the risks posed by these vulnerabilities, CISA recommends that Federal Civilian Executive Branch (FCEB) agencies apply the necessary patches or, specifically for CVE-2025-29635, discontinue the use of the affected D-Link appliances by May 8, 2026.
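A triage example for the entries above, added here and not taken from CISA or the reports the article cites: it matches an asset inventory against an excerpt shaped like the KEV JSON feed and ranks the SimpleHelp hits first because of the reported ransomware link, even though the catalog flag reads “Unknown.” The inventory, hostnames, override sets, the shared due date and the matching by vendor and product name (no version check) are assumptions.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV JSON feed. CVE IDs and products come
# from the article; the "Unknown" flag on the last two entries and giving every
# entry the 2026-05-08 due date are assumptions.
KEV = json.loads("""{"vulnerabilities": [
 {"cveID": "CVE-2024-57726", "vendorProject": "SimpleHelp", "product": "SimpleHelp",
  "knownRansomwareCampaignUse": "Unknown", "dueDate": "2026-05-08"},
 {"cveID": "CVE-2024-57728", "vendorProject": "SimpleHelp", "product": "SimpleHelp",
  "knownRansomwareCampaignUse": "Unknown", "dueDate": "2026-05-08"},
 {"cveID": "CVE-2024-7399", "vendorProject": "Samsung", "product": "MagicINFO 9 Server",
  "knownRansomwareCampaignUse": "Unknown", "dueDate": "2026-05-08"},
 {"cveID": "CVE-2025-29635", "vendorProject": "D-Link", "product": "DIR-823X",
  "knownRansomwareCampaignUse": "Unknown", "dueDate": "2026-05-08"}]}""")

# Analyst override (assumption): the article cites reports tying these two CVEs
# to ransomware precursors although the catalog flag reads "Unknown".
RANSOMWARE_REPORTED = {"CVE-2024-57726", "CVE-2024-57728"}
# The article's guidance for the end-of-life routers is to discontinue use.
RETIRE = {"CVE-2025-29635"}

# Constructed asset inventory with hypothetical hostnames.
INVENTORY = [
    {"host": "rmm01", "vendor": "simplehelp", "product": "SimpleHelp Server"},
    {"host": "signage02", "vendor": "Samsung", "product": "MagicINFO 9 Server"},
    {"host": "branch-rtr7", "vendor": "D-Link", "product": "DIR-823X router"},
    {"host": "web03", "vendor": "nginx", "product": "nginx"},
]

def triage(inventory, kev, today):
    """Match assets to KEV entries; ransomware-linked and nearest-due come first."""
    rows = []
    for asset in inventory:
        for v in kev["vulnerabilities"]:
            same_vendor = asset["vendor"].lower() == v["vendorProject"].lower()
            if not (same_vendor and v["product"].lower() in asset["product"].lower()):
                continue
            flagged = (v["knownRansomwareCampaignUse"] == "Known"
                       or v["cveID"] in RANSOMWARE_REPORTED)
            days = (date.fromisoformat(v["dueDate"]) - today).days
            rows.append({"host": asset["host"], "cve": v["cveID"],
                         "action": "retire" if v["cveID"] in RETIRE else "patch",
                         "ransomware": flagged, "days_left": days, "overdue": days < 0})
    return sorted(rows, key=lambda r: (not r["ransomware"], r["days_left"], r["cve"]))

if __name__ == "__main__":
    for row in triage(INVENTORY, KEV, date(2026, 5, 1)):
        print(row)
```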
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.








