Trimble Cityworks Vulnerability CVE-2025-0994: Security Advisory
Overview
Trimble has recently identified a critical vulnerability, designated as CVE-2025-0994, affecting its Cityworks Server AMS (Asset Management System). This deserialization vulnerability poses a significant risk, as it could allow external actors to execute remote code on a customer’s Microsoft Internet Information Services (IIS) web server. In response, Trimble has issued security updates and an advisory to mitigate the risks associated with this vulnerability.
Key Points
- CISA is collaborating with private industry partners to address the exploitation of CVE-2025-0994.
- The vulnerability has been added to CISA’s Known Exploited Vulnerabilities Catalog due to evidence of active exploitation.
- Trimble has released an advisory detailing the vulnerability and providing indicators of compromise (IOCs).
- Users and administrators are strongly encouraged to search for IOCs and apply necessary updates and workarounds.
- The Symantec Threat Hunter team has contributed to the guidance provided in the advisory.
IT Relevance
The discovery of CVE-2025-0994 highlights critical implications for security across various IT domains, including cloud services, networking, and compliance. Organizations utilizing Trimble Cityworks must prioritize the application of security updates to safeguard their systems against potential remote code execution attacks. This incident underscores the importance of proactive vulnerability management and the need for continuous monitoring for indicators of compromise. Furthermore, it emphasizes the necessity for organizations to stay informed about emerging threats and collaborate with industry partners to enhance their security posture.




