Smartrobot
CVE-2025-3572
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access arbitrary local files on the server.
AnalysisAI
SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access arbitrary local files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Server-Side Request Forgery (SSRF) (CWE-918), which allows attackers to make the server perform requests to unintended internal or external resources. SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access arbitrary local files on the server. Affected products include: Intumit Smartrobot.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and allowlist destination URLs, block requests to internal networks, use network segmentation.
More in Smartrobot
View allA critical authentication bypass vulnerability exists in Intumit SmartRobot due to the use of a hard-coded encryption ke
A remote code execution vulnerability exists in Intumit SmartRobot's web framework that allows unauthenticated attackers
A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script function in SmartRobot′s Conv
SmartRobot by INTUMIT contains a reflected cross-site scripting (XSS) vulnerability in an insufficiently validated page
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allVendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today