Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by iManage
CVE-2025-3651 (GCVE-0-2025-3651)
Vulnerability from cvelistv5 – Published: 2025-04-17 14:58 – Updated: 2025-04-17 19:10
VLAI
Title
Command Injection in iManage Work Desktop for Mac's Agent Service
Summary
Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier
allows attackers to execute arbitrary commands via unauthorized access to the Agent service.
This has been remediated in Work Desktop for Mac version 10.8.2.33.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| iManage | Work Desktop for Mac |
Affected:
0 , < 10.8.2.33
(custom)
|
Date Public
2025-04-17 13:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3651",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T18:53:38.640700Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T19:10:42.989Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Work Desktop for Mac",
"vendor": "iManage",
"versions": [
{
"lessThan": "10.8.2.33",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-04-17T13:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eImproper Verification of Source of a Communication Channel in Work Desktop for Mac versions 1\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e0.8.1.46 and earlier\u003c/span\u003e\n\n allows attackers to execute arbitrary commands via unauthorized access to the Agent service.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThis has been remediated in Work Desktop for Mac version 10.8.2.33.\u003c/span\u003e\n\n\u003c/span\u003e\u003c/span\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier\n\n allows attackers to execute arbitrary commands via unauthorized access to the Agent service.\u00a0\n\nThis has been remediated in Work Desktop for Mac version 10.8.2.33."
}
],
"impacts": [
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668 Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T15:29:30.056Z",
"orgId": "5d978718-751a-428d-ac8e-4f9445ebfd11",
"shortName": "iManage"
},
"references": [
{
"url": "https://docs.imanage.com/security/CVE-2025-3651.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Command Injection in iManage Work Desktop for Mac\u0027s Agent Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5d978718-751a-428d-ac8e-4f9445ebfd11",
"assignerShortName": "iManage",
"cveId": "CVE-2025-3651",
"datePublished": "2025-04-17T14:58:00.520Z",
"dateReserved": "2025-04-15T18:23:36.913Z",
"dateUpdated": "2025-04-17T19:10:42.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}