CVE-2025-3572
published 2025-04-14CVE-2025-3572: SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access…
PriorityP351high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
0.39%
30.5th percentile
SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access arbitrary local files on the server.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intumit | smartrobot | < 8.0.0 | 8.0.0 |
| msrc | cbl2_python-virtualenv_20.26.6-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_python-pip_19.2-2_on_cbl_mariner_1.0 | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vendor_redhat7.5HIGH
vendor_msrc5.7MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4g3w-2657-gjq5: SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even
ghsa_unreviewed·2025-04-14
CVE-2025-3572 [HIGH] CWE-918 GHSA-4g3w-2657-gjq5: SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even
SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access arbitrary local files on the server.
Red Hat
INTUMIT SmartRobot - Server-Side Request Forgery
vendor_redhat·2025-04-14·CVSS 7.5
CVE-2025-3572 [HIGH] CWE-918 INTUMIT SmartRobot - Server-Side Request Forgery
INTUMIT SmartRobot - Server-Side Request Forgery
SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal network and even access arbitrary local files on the server.
Microsoft
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest
vendor_msrc·2021-11-09·CVSS 5.7
CVE-2021-3572 [MEDIUM] CWE-20 A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-04-14
Published