Trimble Cityworks Customers Warned of Zero-Day Exploitation

Summary: Trimble has alerted users of its Cityworks product to a high-severity vulnerability, CVE-2025-0994, which has been actively exploited and allows remote code execution via deserialization issues on Microsoft IIS servers. Exploitation requires authentication, and the vulnerability is primarily a concern for organizations in sectors that rely on infrastructure management, including local governments and utilities. Trimble has released patches in response and is urging customers to address misconfigurations in their deployments.

Affected: Trimble Cityworks

Key points:

  • CVE-2025-0994 is a zero-day vulnerability that enables remote code execution.
  • The vulnerability has been exploited in targeted attacks against specific customers’ Cityworks deployments.
  • Trimble issued patches in versions 15.8.9 and 23.10 to mitigate the security risks.
  • Organizations are advised to correct overprivileged IIS permissions and misconfigurations in their setups.

Source: https://www.securityweek.com/trimble-cityworks-customers-warned-of-zero-day-exploitation/