The vulnerability of the software for managing assets and processes in Cityworks and Cityworks with Office Companion, related to deficiencies in deserialization mechanisms, allows attackers to execute remote code.

The vulnerability of the Cityworks and Cityworks with Office Companion asset management and process management software lies in the deficiencies of the deserialization mechanism. Exploiting this vulnerability allows a remote attacker to execute malicious code remotely...

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...