{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T17:26:26.285","vulnerabilities":[{"cve":{"id":"CVE-2025-3651","sourceIdentifier":"5d978718-751a-428d-ac8e-4f9445ebfd11","published":"2025-04-17T15:15:58.620","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier\n\n allows attackers to execute arbitrary commands via unauthorized access to the Agent service. \n\nThis has been remediated in Work Desktop for Mac version 10.8.2.33."},{"lang":"es","value":"La verificación incorrecta del origen de un canal de comunicación en Work Desktop para Mac, versión 10.8.1.46 y anteriores, permite a los atacantes ejecutar comandos arbitrarios mediante acceso no autorizado al servicio del Agente. Este problema se ha solucionado en Work Desktop para Mac, versión 10.8.2.33."}],"metrics":{"cvssMetricV40":[{"source":"5d978718-751a-428d-ac8e-4f9445ebfd11","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"PASSIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"5d978718-751a-428d-ac8e-4f9445ebfd11","type":"Secondary","description":[{"lang":"en","value":"CWE-346"},{"lang":"en","value":"CWE-668"}]}],"references":[{"url":"https://docs.imanage.com/security/CVE-2025-3651.html","source":"5d978718-751a-428d-ac8e-4f9445ebfd11"}]}}]}