Hackers exploiting bug in popular Trimble Cityworks tool used by local gov’ts

Summary: Federal civilian agencies are mandated to patch a critical vulnerability (CVE-2025-0994) affecting Trimble Cityworks, a widely used infrastructure management tool. CISA warns that this vulnerability could allow hackers to execute code remotely on affected systems, and the deadline for patching is February 28. The bug has a high severity score of 8.4 and impacts all versions prior to 15.8.9. The company has issued guidance to enhance security measures for its customers.

Affected: Federal civilian agencies using Trimble Cityworks

Key points:

  • Trimble Cityworks is leveraged by various government agencies to manage public infrastructure.
  • The vulnerability enables potential remote code execution on Microsoft IIS web servers.
  • A patch was released on January 29, and agencies need to take additional actions to limit exposure.
  • All versions prior to 15.8.9 are deemed vulnerable, with serious implications if exploited.
  • Trimble has been dealing with attempts to breach its customers’ deployments amid this security concern.

Source: https://therecord.media/hackers-exploiting-trimble-cityworks-bug-used-by-local-govs