Lucene search
K

6 matches found

Talos Blog
Talos Blog
added 2025/05/22 10:0 a.m.38 views

UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware

Cisco Talos has observed exploitation of CVE-2025-0994, a remote-code-execution vulnerability in Cityworks, a popular asset management system. The Cybersecurity and Infrastructure Security Agency CISA and Trimble have both released advisories pertaining to this vulnerability, with Trimble's...

9.8CVSS8.9AI score0.28261EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/02/08 4:25 p.m.11 views

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...

8.8CVSS8.9AI score0.28261EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2025/02/07 12:52 p.m.29 views

CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 CVSS v4 score: 8.6, a deserialization of...

8.6CVSS9.1AI score0.28261EPSS
Exploits0
CISA
CISA
added 2025/02/07 12:0 p.m.7 views

Trimble Releases Security Updates to Address a Vulnerability in Cityworks Software

CISA is collaborating with private industry partners to respond to reports of exploitation of a vulnerability CVE-2025-0994 discovered by Trimble impacting its Cityworks Server AMS Asset Management System. Trimble has released security updates and an advisory addressing a recently discovered...

8.8CVSS8.3AI score0.28261EPSS
In wildExploits0References2
Vulnrichment
Vulnrichment
added 2025/02/06 4:1 p.m.18 views

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...

8.6CVSS7.6AI score0.28261EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/06 12:0 a.m.7 views

PT-2025-5829

Name of the Vulnerable Software and Affected Versions Trimble Cityworks versions prior to 15.8.9 Trimble Cityworks with office companion versions prior to 23.10 Description A deserialization vulnerability could allow an authenticated user to perform a remote code execution attack against a...

9CVSS7.7AI score0.28261EPSS
Exploits0References127
Rows per page
Query Builder