Alert: Hackers Actively Exploiting Critical Flaw in Trimble Cityworks Systems

Critical Security Vulnerability Under Active Exploitation in Trimble Cityworks Software

A severe security vulnerability (CVE-2025-0994) in Trimble Cityworks GIS-centric asset management software is currently being exploited in the wild, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The flaw, rated with a CVSS v4 score of 8.6, allows authenticated users to execute remote code on Microsoft IIS web servers.

Affected Versions:
– Cityworks: All versions before 15.8.9
– Cityworks with office companion: All versions before 23.10

Trimble has confirmed unauthorized access attempts on specific customer deployments. Analysis of the attacks reveals that threat actors are deploying:
– A Rust-based loader
– Cobalt Strike
– VShell (a Go-based remote access tool)

Security Measures:
– Patches were released on January 29, 2025
– CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog
– Federal agencies must implement fixes by February 28, 2025

Immediate Action Required:
Organizations using affected versions should immediately update to the latest version and check for potential compromise indicators.

Keywords: Trimble Cityworks vulnerability, CVE-2025-0994, GIS asset management security, Microsoft IIS exploit, CISA security advisory, remote code execution vulnerability

Share This Article

Alert: Hackers Actively Exploiting Critical Flaw in Trimble Cityworks Systems

Related Articles

Urgent Alert: Booking.com Phishing Scam Uses “ClickFix” Trick to Deploy Dangerous Malware Against Hospitality Workers

Urgent Alert: Critical FreeType Vulnerability Actively Exploited in the Wild – What You Need to Know

Alert: Medusa Ransomware Strikes Over 300 U.S. Critical Infrastructure Organizations

Quick Links

Company

Get In Touch