Browse all 4 CVE security advisories affecting INTUMIT. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Intumit develops AI-powered customer service and chatbot solutions for enterprise clients. Historically, their products have been vulnerable to multiple remote code execution (RCE) and cross-site scripting (XSS) flaws, often stemming from improper input validation and insecure deserialization. The company has four CVEs on record, with vulnerabilities affecting their chat platform and administrative interfaces. While no major public security incidents have been documented, the consistent pattern of RCE and XSS vulnerabilities suggests potential risks for organizations deploying their solutions without proper hardening. Security researchers have noted that Intumit's products require careful configuration to mitigate these recurring issues.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-3572 | INTUMIT SmartRobot - Server-Side Request Forgery — SmartRobotCWE-918 | 7.5 | High | 2025-04-14 |
| CVE-2024-12652 | Intumit SmartRobot′s Conversational AI Platform - Improper Control of Generation of Code ('Code Injection') — SmartRobot′s Conversational AI PlatformCWE-94 | 8.8 | - | 2024-12-26 |
| CVE-2024-8776 | INTUMIT SmartRobot - Cross-site Scripting — SmartRobotCWE-79 | 6.1 | Medium | 2024-09-16 |
| CVE-2024-2413 | Intumit SmartRobot - Use of Hard-coded Cryptographic Key — SmartRobotCWE-321 | 9.8 | Critical | 2024-03-13 |
This page lists every published CVE security advisory associated with INTUMIT. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.