Description
Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier allows attackers to execute arbitrary commands via unauthorized access to the Agent service. This has been remediated in Work Desktop for Mac version 10.8.2.33.
References (1)
Core 1
Core References
Various Sources
https://docs.imanage.com/security/CVE-2025-3651.html
Scores
CVSS v4
9.3
EPSS
0.0023
EPSS Percentile
13.1%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-346
CWE-668
Status
published
Products (1)
iManage/Work Desktop for Mac
< 10.8.2.33
Published
Apr 17, 2025
Tracked Since
Feb 18, 2026