CVE-2025-3651

Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier allows attackers to execute arbitrary commands via unauthorized access to the Agent service. This has been remediated in Work Desktop for Mac version 10.8.2.33.

CVSS

No CVSS.

References

Link	Resource
https://docs.imanage.com/security/CVE-2025-3651.html

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) La verificación incorrecta del origen de un canal de comunicación en Work Desktop para Mac, versión 10.8.1.46 y anteriores, permite a los atacantes ejecutar comandos arbitrarios mediante acceso no autorizado al servicio del Agente. Este problema se ha solucionado en Work Desktop para Mac, versión 10.8.2.33.

17 Apr 2025, 16:15

Type	Values Removed	Values Added
Summary	(en) Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions below 10.8.2.33 allows attackers to execute arbitrary commands via unauthorized access to the Agent service.	(en) Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier allows attackers to execute arbitrary commands via unauthorized access to the Agent service. This has been remediated in Work Desktop for Mac version 10.8.2.33.

17 Apr 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-17 15:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-3651

Mitre link : CVE-2025-3651

CVE.ORG link : CVE-2025-3651

JSON object : View

Products Affected

No product.

CWE

CWE-346

Origin Validation Error

CWE-668

Exposure of Resource to Wrong Sphere

{"id": "CVE-2025-3651", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "5d978718-751a-428d-ac8e-4f9445ebfd11", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-17T15:15:58.620", "references": [{"url": "https://docs.imanage.com/security/CVE-2025-3651.html", "source": "5d978718-751a-428d-ac8e-4f9445ebfd11"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "5d978718-751a-428d-ac8e-4f9445ebfd11", "description": [{"lang": "en", "value": "CWE-346"}, {"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier\n\n allows attackers to execute arbitrary commands via unauthorized access to the Agent service.\u00a0\n\nThis has been remediated in Work Desktop for Mac version 10.8.2.33."}, {"lang": "es", "value": "La verificaci\u00f3n incorrecta del origen de un canal de comunicaci\u00f3n en Work Desktop para Mac, versi\u00f3n 10.8.1.46 y anteriores, permite a los atacantes ejecutar comandos arbitrarios mediante acceso no autorizado al servicio del Agente. Este problema se ha solucionado en Work Desktop para Mac, versi\u00f3n 10.8.2.33."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "5d978718-751a-428d-ac8e-4f9445ebfd11"}