Lucene search
K

15 matches found

Tenable Nessus
Tenable Nessus
added 2025/06/27 12:0 a.m.5 views

Trimble Cityworks 15.x < 15.8.9 / 23.x < 23.10 Deserialization RCE

The version of Trimble Cityworks installed on the remote host is 15.x prior to 15.8.9, or 23.x prior to 23.10. It is, therefore, affected by a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet...

8.8CVSS7.9AI score0.28261EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2025/05/22 3:6 p.m.14 views

Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks

A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. "UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a...

5.3CVSS9.5AI score0.01062EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/02/25 12:0 a.m.4 views

Trimble Cityworks Web Detection

Binary data trimblecityworksdetect.nbin...

7.3AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/08 4:25 p.m.9 views

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...

8.8CVSS8.9AI score0.28261EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2025/02/07 12:52 p.m.27 views

CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 CVSS v4 score: 8.6, a deserialization of...

8.6CVSS9.1AI score0.28261EPSS
Exploits0
CISA
CISA
added 2025/02/07 12:0 p.m.4 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0994link is external Trimble Cityworks Deserialization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

8.8CVSS7.3AI score0.28261EPSS
In wildExploits0References6
OSV
OSV
added 2025/02/06 4:15 p.m.5 views

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...

8.8CVSS6.5AI score0.28261EPSS
Exploits0References3
NVD
NVD
added 2025/02/06 4:15 p.m.21 views

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...

8.8CVSS0.28261EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/06 4:1 p.m.28 views

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...

8.6CVSS0.28261EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/06 4:1 p.m.17 views

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...

8.6CVSS7.6AI score0.28261EPSS
Exploits0References2
CISA
CISA
added 2025/02/06 12:0 p.m.4 views

CISA Releases Six Industrial Control Systems Advisories

CISA released six Industrial Control Systems ICS advisories on February 6, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-037-01 Schneider Electric EcoStruxure Power Monitoring Expert PME ICSA-25-037-02...

7AI score
Exploits0References6
VulnCheck KEV
VulnCheck KEV
added 2025/02/06 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-0994

Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services IIS web server...

8.8CVSS7.8AI score0.28261EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/02/06 12:0 a.m.92 views

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...

8.8CVSS7.6AI score0.28261EPSS
In wildExploits0References3
CNNVD
CNNVD
added 2025/02/06 12:0 a.m.4 views

Trimble Cityworks 安全漏洞

Trimble Cityworks is a top-tier GIS-centric platform for public asset lifecycle management and licensing from Trimble USA. A security vulnerability exists in Trimble Cityworks versions prior to 15.8.9 that stems from the presence of a deserialization issue that allows an authenticated user to...

8.8CVSS7.6AI score0.28261EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/06 12:0 a.m.7 views

PT-2025-5829

Name of the Vulnerable Software and Affected Versions Trimble Cityworks versions prior to 15.8.9 Trimble Cityworks with office companion versions prior to 23.10 Description A deserialization vulnerability could allow an authenticated user to perform a remote code execution attack against a...

9CVSS7.7AI score0.28261EPSS
Exploits0References127
Rows per page
Query Builder