CVE-2025-3651 PUBLISHED

Command Injection in iManage Work Desktop for Mac's Agent Service

Assigner: iManage
Reserved: 15.04.2025 Published: 17.04.2025 Updated: 17.04.2025

Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier allows attackers to execute arbitrary commands via unauthorized access to the Agent service.

This has been remediated in Work Desktop for Mac version 10.8.2.33.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
CVSS Score: 9.3

Product Status

Vendor iManage
Product Work Desktop for Mac
Versions Default: unaffected
  • affected from 0 to 10.8.2.33 (excl.)

Problem Types

  • CWE-346 Origin Validation Error
  • CWE-668 Exposure of Resource to Wrong Sphere

Impacts

  • CAPEC-248 Command Injection