CVE-2025-3651

Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier allows attackers to execute arbitrary commands via unauthorized access to the Agent service. This has been remediated in Work Desktop for Mac version 10.8.2.33.

CVSS

No CVSS.

References

Link	Resource
https://docs.imanage.com/security/CVE-2025-3651.html

Configurations

No configuration.

History

17 Apr 2025, 16:15

Type	Values Removed	Values Added
Summary	(en) Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions below 10.8.2.33 allows attackers to execute arbitrary commands via unauthorized access to the Agent service.	(en) Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier allows attackers to execute arbitrary commands via unauthorized access to the Agent service. This has been remediated in Work Desktop for Mac version 10.8.2.33.

17 Apr 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-17 15:15

Updated : 2025-04-17 20:21

NVD link : CVE-2025-3651

Mitre link : CVE-2025-3651

CVE.ORG link : CVE-2025-3651

JSON object : View

Products Affected

No product.

CWE

CWE-346

Origin Validation Error

CWE-668

Exposure of Resource to Wrong Sphere

{"id": "CVE-2025-3651", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "5d978718-751a-428d-ac8e-4f9445ebfd11", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-04-17T15:15:58.620", "references": [{"url": "https://docs.imanage.com/security/CVE-2025-3651.html", "source": "5d978718-751a-428d-ac8e-4f9445ebfd11"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "5d978718-751a-428d-ac8e-4f9445ebfd11", "description": [{"lang": "en", "value": "CWE-346"}, {"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier\n\n allows attackers to execute arbitrary commands via unauthorized access to the Agent service.\u00a0\n\nThis has been remediated in Work Desktop for Mac version 10.8.2.33."}], "lastModified": "2025-04-17T20:21:48.243", "sourceIdentifier": "5d978718-751a-428d-ac8e-4f9445ebfd11"}