{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3651", "assignerOrgId": "5d978718-751a-428d-ac8e-4f9445ebfd11", "state": "PUBLISHED", "assignerShortName": "iManage", "dateReserved": "2025-04-15T18:23:36.913Z", "datePublished": "2025-04-17T14:58:00.520Z", "dateUpdated": "2025-04-17T19:10:42.989Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MacOS"], "product": "Work Desktop for Mac", "vendor": "iManage", "versions": [{"lessThan": "10.8.2.33", "status": "affected", "version": "0", "versionType": "custom"}]}], "datePublic": "2025-04-17T13:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 1<span style=\"background-color: rgb(255, 255, 255);\">0.8.1.46 and earlier</span>\n\n allows attackers to execute arbitrary commands via unauthorized access to the Agent service.&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">This has been remediated in Work Desktop for Mac version 10.8.2.33.</span>\n\n</span></span><p></p>"}], "value": "Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier\n\n allows attackers to execute arbitrary commands via unauthorized access to the Agent service.\u00a0\n\nThis has been remediated in Work Desktop for Mac version 10.8.2.33."}], "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-346", "description": "CWE-346 Origin Validation Error", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-668", "description": "CWE-668 Exposure of Resource to Wrong Sphere", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "5d978718-751a-428d-ac8e-4f9445ebfd11", "shortName": "iManage", "dateUpdated": "2025-04-17T15:29:30.056Z"}, "references": [{"url": "https://docs.imanage.com/security/CVE-2025-3651.html"}], "source": {"discovery": "UNKNOWN"}, "title": "Command Injection in iManage Work Desktop for Mac's Agent Service", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-17T18:53:38.640700Z", "id": "CVE-2025-3651", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T19:10:42.989Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3651", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-17T18:53:38.640700Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T19:10:38.580Z"}}], "cna": {"title": "Command Injection in iManage Work Desktop for Mac's Agent Service", "source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-248", "descriptions": [{"lang": "en", "value": "CAPEC-248 Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "iManage", "product": "Work Desktop for Mac", "versions": [{"status": "affected", "version": "0", "lessThan": "10.8.2.33", "versionType": "custom"}], "platforms": ["MacOS"], "defaultStatus": "unaffected"}], "datePublic": "2025-04-17T13:00:00.000Z", "references": [{"url": "https://docs.imanage.com/security/CVE-2025-3651.html"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier\n\n allows attackers to execute arbitrary commands via unauthorized access to the Agent service.\u00a0\n\nThis has been remediated in Work Desktop for Mac version 10.8.2.33.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">\n\n<span style=\"background-color: rgb(255, 255, 255);\">Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 1<span style=\"background-color: rgb(255, 255, 255);\">0.8.1.46 and earlier</span>\n\n allows attackers to execute arbitrary commands via unauthorized access to the Agent service.&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">This has been remediated in Work Desktop for Mac version 10.8.2.33.</span>\n\n</span></span><p></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-346", "description": "CWE-346 Origin Validation Error"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-668", "description": "CWE-668 Exposure of Resource to Wrong Sphere"}]}], "providerMetadata": {"orgId": "5d978718-751a-428d-ac8e-4f9445ebfd11", "shortName": "iManage", "dateUpdated": "2025-04-17T15:29:30.056Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3651", "state": "PUBLISHED", "dateUpdated": "2025-04-17T19:10:42.989Z", "dateReserved": "2025-04-15T18:23:36.913Z", "assignerOrgId": "5d978718-751a-428d-ac8e-4f9445ebfd11", "datePublished": "2025-04-17T14:58:00.520Z", "assignerShortName": "iManage"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier\n\n allows attackers to execute arbitrary commands via unauthorized access to the Agent service.\u00a0\n\nThis has been remediated in Work Desktop for Mac version 10.8.2.33."}], "id": "CVE-2025-3651", "lastModified": "2025-04-17T20:21:48.243", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "5d978718-751a-428d-ac8e-4f9445ebfd11", "type": "Secondary"}]}, "published": "2025-04-17T15:15:58.620", "references": [{"source": "5d978718-751a-428d-ac8e-4f9445ebfd11", "url": "https://docs.imanage.com/security/CVE-2025-3651.html"}], "sourceIdentifier": "5d978718-751a-428d-ac8e-4f9445ebfd11", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}, {"lang": "en", "value": "CWE-668"}], "source": "5d978718-751a-428d-ac8e-4f9445ebfd11", "type": "Secondary"}]}

{}