AI description
CVE-2025-0994 is a deserialization vulnerability affecting Trimble Cityworks software versions prior to 15.8.9 and Cityworks with Office Companion versions prior to 23.10. This vulnerability allows authenticated users to potentially execute remote code on a customer's Microsoft Internet Information Services (IIS) web server where Cityworks is hosted. Exploitation of this vulnerability has been observed in the wild, with attackers reportedly deploying malware such as Cobalt Strike. While Cityworks is used in various sectors, including those managing critical infrastructure, it does not directly control industrial processes.
- Description
- Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.
- Source
- ics-cert@hq.dhs.gov
- NVD status
- Analyzed
CVSS 4.0
- Type
- Secondary
- Base score
- 8.6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Trimble Cityworks Deserialization Vulnerability
- Exploit added on
- Feb 7, 2025
- Exploit action due
- Feb 28, 2025
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- ics-cert@hq.dhs.gov
- CWE-502
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
A recent report from the @CISAgov (CISA) warns of a critical vulnerability in Trimble Cityworks that has been exploited by hackers to conduct remote code execution (RCE) attacks. The vulnerability, tracked as CVE-2025-0994, allows attackers to gain unauthorized access to systems
@bytagig
22 Feb 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-0994
@transilienceai
22 Feb 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0994
@transilienceai
21 Feb 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#threatreport #MediumCompleteness Trimble Cityworks: CVE-2025-0994 | 19-02-2025 Source: https://t.co/xzXeR2J67V Key details below ↓ 💀Threats: Cobalt_strike, Vshell, Putty_tool, 🎯Victims: Local governments, Utilities 🏭Industry: Critical_infrastructure, Transport,… https://t.
@rst_cloud
20 Feb 2025
51 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-0994
@transilienceai
19 Feb 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0994
@transilienceai
19 Feb 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CISA warns of active exploitation in Trimble Cityworks software. Protect against CVE-2025-0994. Stay informed. URL: https://t.co/F5J30LoSTZ
@threatlight
18 Feb 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-0994
@transilienceai
18 Feb 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0994
@transilienceai
17 Feb 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0994
@transilienceai
16 Feb 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0994
@transilienceai
15 Feb 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0994
@transilienceai
15 Feb 2025
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0994
@transilienceai
13 Feb 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Unpacking the Cityworks RCE Bug: A Deep Dive into CVE-2025-0994 https://t.co/pxNVhY8FFa #cve20250994 #cityworks #rce #cybersecurity #infosec #vulnerability #microsoftiis #criticalinfrastructure #cyberthreats #patchmanagement
@DefendOpsHQ
11 Feb 2025
26 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA warns of active exploitation in Trimble Cityworks GIS software, with a high-severity vulnerability (CVE-2025-0994, CVSS 8.6) being weaponized in the wild. If left unpatched, attackers could gain unauthorized access and deploy harmful payloads like Cobalt Strike and… http
@achi_tech
11 Feb 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers Exploiting Cityworks RCE Vulnerability (CVE-2025-0994)! Attackers use deserialization flaws to execute commands on Microsoft IIS servers, deploying Cobalt Strike for access. Affects Cityworks versions <15.8.9 & <23.10. Update & secure configurations ASAP
@dCypherIO
11 Feb 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 La CISA alerta sobre la vulnerabilidad CVE-2025-0994 en Trimble Cityworks que permite ejecución remota de código. ¡Las organizaciones deben aplicar parches ya! Protege tu infraestructura crítica. Más info: https://t.co/H7XGM21JW9 #Ciberseguridad #Vulnerabilidad
@SotyHub
10 Feb 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Kritieke kwetsbaarheid in trimble cityworks: wat u moet weten https://t.co/qmThsX5THv #CVE-2025-0994 #Trimble Cityworks #Deserialisatie Kwetsbaarheid #Remote Code Execution #Microsoft IIS Webserver #Trending #Tech #Nieuws
@TrendingNewsBot
10 Feb 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-0994
@transilienceai
10 Feb 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
【リンク集:2月8日〜10日のセキュリティ関連ニュース/記事】 <脆弱性> ・CVE-2025-0994:Trimble Cityworksの重大な脆弱性が悪用される https://t.co/ph71NjJe5a ・CityworksのRCEバグでMicrosoft IISサーバーがハッキング許す(CVE-2025-0994) https://t.co/gepphreHor ・IBM Security Verify… https://t.co/YBEfrhUpVX
@MachinaRecord
10 Feb 2025
122 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0994: Cityworks RCE Vulnerability Under Attack https://t.co/WFIThRJsiA
@the_yellow_fall
10 Feb 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
В ПО Trimble Cityworks обнаружена уязвимость Zero-Day (CVE-2025-0994), которая позволяет злоумышленникам выполнить удаленный код на веб-серверах Microsoft IIS, что может привести к полному контролю над сервером. Подробнее https://t.co/sxcUSGiMLv https://t.co/n1d1pE4cgJ
@KZCERT
10 Feb 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers Given the recent developments with Trimble's Cityworks software and the exploitation of a deserialization vulnerability (CVE-2025-0994) by hackers to breach Microsoft IIS servers, here's what you should know and…
@KOLSI_KOLSI
10 Feb 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA が既知の悪用された脆弱性をカタログに追加 CISA Adds One Known Exploited Vulnerability to Catalog #CISA (Feb 7) - CVE-2025-0994 Trimble Cityworks のデシリアライゼーション脆弱性 https://t.co/peeMktu0Tw
@foxbook
9 Feb 2025
330 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-0994
@transilienceai
9 Feb 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2025-0994
@transilienceai
9 Feb 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
cve-2025-0994 is known to be exploited by Cobalt Strike. https://t.co/az9FlQmQWY
@GrimmAnalyst
8 Feb 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国CISAが悪用を確認した脆弱性 #KEV をカタログに追加しました。 🛡️No.1264 CVE-2025-0994 Trimble Cityworks Deserialization Vulnerability ============= CVSSスコア:8.6 (Base) / ICS-CERT CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N… https://t.co/sKoNp2sUVa
@piyokango
8 Feb 2025
5703 Impressions
0 Retweets
14 Likes
1 Bookmark
0 Replies
0 Quotes
Threat Alert: CISA warns Trimble Cityworks customers of actively exploited RCE flaw CVE-2025-0994 Severity: ⚠️ Critical Maturity: 💥 Mainstream Learn more: https://t.co/Jz4JmOqdzm #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
8 Feb 2025
56 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerability in Trimble Cityworks (CVE-2025-0994) poses serious risks for federal agencies. Patches due by Feb 28 to prevent remote code execution. High severity score of 8.4. 🛡️🔒 #Trimble #GovTech #USA link: https://t.co/zf6PP3uc6v https://t.co/OgNw1sp4T5
@TweetThreatNews
8 Feb 2025
58 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability: https://t.co/otOgPlOOcf CISA has issued a warning regarding active exploitation of a vulnerability (CVE-2025-0994, CVSS 8.6) in Trimble Cityworks software, allowing remote code execution on Microsoft IIS… h
@securityRSS
7 Feb 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 A critical deserialization vulnerability (CVE-2025-0994) in Trimble Cityworks exposes Microsoft IIS servers to remote command execution. Users must secure their setups to prevent breaches. #Cityworks #IIS #USA link: https://t.co/UQx0Ssiuuj https://t.co/hbC27c6DCA
@TweetThreatNews
7 Feb 2025
33 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0994: Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack. https://t.co/IfycBt8gEs ht
@cyber_advising
7 Feb 2025
441 Impressions
0 Retweets
5 Likes
2 Bookmarks
0 Replies
0 Quotes
Trimble released security updates for a deserialization vulnerability CVE-2025-0994 impacting its Cityworks Server AMS. This enables threat actors to conduct remote code execution against a customer’s Microsoft IIS web server. Apply updates & learn more 👉 https://t.co/TyBvD9
@CISACyber
7 Feb 2025
4686 Impressions
11 Retweets
29 Likes
2 Bookmarks
1 Reply
1 Quote
⚠️ CISA alerts on active exploitation of a critical vulnerability (CVE-2025-0994, CVSS 8.6) in Trimble Cityworks GIS software. 🚨 If unpatched, attackers could exploit it to gain unauthorized access and deploy malicious tools like Cobalt Strike and VShell.
@NetDefendJA
7 Feb 2025
60 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA has issued a warning about a critical vulnerability (CVE-2025-0994) in Trimble Cityworks software, enabling remote code execution by authenticated users. Patch released. ⚠️ #Trimble #CISA #USA link: https://t.co/Etyok12N6S https://t.co/FTy2SRIRqq
@TweetThreatNews
7 Feb 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
i've created a detection script to scan your infra for CVE-2025-0994 amid active exploitation attempts reported by CISA: https://t.co/02iAHeyaH5 only scan infra you own/have permission to scan https://t.co/H29jipOgYJ
@rxerium
7 Feb 2025
115 Impressions
2 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CISA alerts that a serious security flaw (CVE-2025-0994) in Trimble Cityworks software is being actively exploited. This bug allows for remote code execution, posing a significant risk. Users are urged to update to the latest version ASAP for protection. Stay vigilant! 🔐💻
@eilonh1
7 Feb 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 CISA warns of active exploitation in Trimble Cityworks GIS software, with a high-severity vulnerability (CVE-2025-0994, CVSS 8.6) being weaponized in the wild. If left unpatched, attackers could gain unauthorized access and deploy harmful payloads like Cobalt Strike and… http
@TheHackersNews
7 Feb 2025
8000 Impressions
7 Retweets
20 Likes
5 Bookmarks
1 Reply
1 Quote
Actively exploited CVE : CVE-2025-0994
@transilienceai
7 Feb 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-0994 affects Trimble Cityworks #CVE-2025-0994 #TrimbleCityWorks https://t.co/aANckGjLQs
@pravin_karthik
7 Feb 2025
42 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Trimble warns Cityworks users about CVE-2025-0994, a high-severity zero-day vulnerability allowing remote code execution on Microsoft IIS servers. Patches released to mitigate risks. 🛡️ #Trimble #Infrastructure #USA link: https://t.co/wckchbrZ8P https://t.co/w8TPBIS8bG
@TweetThreatNews
7 Feb 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-0994: HIGH] Attention Trimble Cityworks users! Versions before 23.10 are at risk of a deserialization flaw, enabling authenticated attackers to execute remote code on IIS servers. Update now!#cybersecurity,#vulnerability https://t.co/Hu3IkeI6bP https://t.co/syM1lOvhGQ
@CveFindCom
6 Feb 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-0994 Trimble Cityworks versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution a… https://t.co/BIPDbqec2F
@CVEnew
6 Feb 2025
240 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trimble:cityworks:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "97280FE5-5F66-4B2B-88B0-6F6E671FF90A",
"versionEndExcluding": "15.8.9"
},
{
"criteria": "cpe:2.3:a:trimble:cityworks:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E611E790-43D6-457E-8C82-E5CB157F14E3",
"versionEndExcluding": "23.10",
"versionStartIncluding": "23.0"
}
],
"operator": "OR"
}
]
}
]