Skip to main content
CybersecurityVulnerability Management

CISA Alerts on Ongoing Exploitation of Trimble Cityworks Vulnerability Resulting in IIS RCE

CISA Alerts on Ongoing Exploitation of Trimble Cityworks Vulnerability Resulting in IIS RCE

Active Exploitation of Trimble Cityworks Vulnerability

CISA Alerts on Ongoing Exploitation of Trimble Cityworks Vulnerability Resulting in IIS RCE

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding the ongoing exploitation of a critical vulnerability in Trimble Cityworks, a GIS-centric asset management software. This vulnerability, identified as CVE-2025-0994, poses significant risks to organizations utilizing this software.

Overview of the Vulnerability

CVE-2025-0994 is classified as a deserialization of untrusted data vulnerability, which allows attackers to execute remote code on affected systems. The vulnerability has been assigned a CVSS v4 score of 8.6, indicating a high level of severity.

Key Points

  • Vulnerability Identifier: CVE-2025-0994
  • CVSS v4 Score: 8.6 (High)
  • Type: Deserialization of untrusted data
  • Impact: Remote Code Execution (RCE)
  • Active Exploitation: Confirmed in the wild

Recommendations

Organizations using Trimble Cityworks are urged to take immediate action to mitigate the risks associated with this vulnerability. Recommended steps include:

  • Applying any available patches or updates from Trimble.
  • Implementing network segmentation to limit exposure.
  • Monitoring systems for unusual activity that may indicate exploitation attempts.

Conclusion

The active exploitation of CVE-2025-0994 highlights the importance of maintaining up-to-date software and implementing robust security measures. Organizations should prioritize addressing this vulnerability to protect their systems and data from potential attacks.