CVE-2025-3651

Summary

Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier

allows attackers to execute arbitrary commands via unauthorized access to the Agent service. 

This has been remediated in Work Desktop for Mac version 10.8.2.33.

Affected Software

VendorProductVersion RangeStatus
iManageWork Desktop for Mac0 < 10.8.2.33affected

Weaknesses

  • CWE-346: CWE-346 Origin Validation Error
  • CWE-668: CWE-668 Exposure of Resource to Wrong Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References