← back
CVE-2025-3651

Command Injection in iManage Work Desktop for Mac's Agent Service

CVSS 9.3 CRITICALEPSS 0.2%CWE-346CWE-668
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
17 Apr 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier allows attackers to execute arbitrary commands via unauthorized access to the Agent service.  This has been remediated in Work Desktop for Mac version 10.8.2.33.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N
Affected products
iManage · Work Desktop for Mac

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://docs.imanage.com/security/CVE-2025-3651.html