CVE-2025-3651

Published Apr 17, 2025

Last updated 2 months ago

CVSS critical 9.3

Overview

Description: Improper Verification of Source of a Communication Channel in Work Desktop for Mac versions 10.8.1.46 and earlier allows attackers to execute arbitrary commands via unauthorized access to the Agent service. This has been remediated in Work Desktop for Mac version 10.8.2.33.
Source: 5d978718-751a-428d-ac8e-4f9445ebfd11
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 9.3
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: CRITICAL

Weaknesses

5d978718-751a-428d-ac8e-4f9445ebfd11: CWE-346

Hype score: Not currently trending

[CVE-2025-3651: CRITICAL] Vulnerability in Mac versions < 10.8.2.33 allows attackers unauthorized access to execute commands through the Agent service. Enhance cyber security measures.#cve,CVE-2025-3651,#cybersecurity https://t.co/cLqEvByK5o https://t.co/HPaxUi1V7J
@CveFindCom
17 Apr 2025
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References

Sources include official advisories and independent security research.