20 matches found
Trimble Cityworks 15.x < 15.8.9 / 23.x < 23.10 Deserialization RCE
The version of Trimble Cityworks installed on the remote host is 15.x prior to 15.8.9, or 23.x prior to 23.10. It is, therefore, affected by a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet...
Chinese Hackers Exploit Cityworks 0-Day to Hit US Local Governments
Cisco Talos warns of active exploitation of a zero-day vulnerability CVE-2025-0994 in Cityworks supposedly by Chinese hackers from…...
Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks
A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. "UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a...
UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware
Cisco Talos has observed exploitation of CVE-2025-0994, a remote-code-execution vulnerability in Cityworks, a popular asset management system. The Cybersecurity and Infrastructure Security Agency CISA and Trimble have both released advisories pertaining to this vulnerability, with Trimble's...
The vulnerability of the software for managing assets and processes in Cityworks and Cityworks with Office Companion, related to deficiencies in deserialization mechanisms, allows attackers to execute remote code.
The vulnerability of the Cityworks and Cityworks with Office Companion asset management and process management software lies in the deficiencies of the deserialization mechanism. Exploiting this vulnerability allows a remote attacker to execute malicious code remotely...
Trimble Cityworks Web Detection
Binary data trimblecityworksdetect.nbin...
CISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems ICS advisories on February 11, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-319-17 2N Access Commander Update A ICSA-25-037-04 Trimble Cityworks Update A CISA...
CVE-2025-0994
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...
CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency CISA has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 CVSS v4 score: 8.6, a deserialization of...
Trimble Releases Security Updates to Address a Vulnerability in Cityworks Software
CISA is collaborating with private industry partners to respond to reports of exploitation of a vulnerability CVE-2025-0994 discovered by Trimble impacting its Cityworks Server AMS Asset Management System. Trimble has released security updates and an advisory addressing a recently discovered...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0994link is external Trimble Cityworks Deserialization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...
CVE-2025-0994
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...
CVE-2025-0994
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...
CVE-2025-0994
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...
CVE-2025-0994
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...
CISA Releases Six Industrial Control Systems Advisories
CISA released six Industrial Control Systems ICS advisories on February 6, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-037-01 Schneider Electric EcoStruxure Power Monitoring Expert PME ICSA-25-037-02...
VulnCheck KEV: CVE-2025-0994
Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services IIS web server...
CVE-2025-0994
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...
Trimble Cityworks 安全漏洞
Trimble Cityworks is a top-tier GIS-centric platform for public asset lifecycle management and licensing from Trimble USA. A security vulnerability exists in Trimble Cityworks versions prior to 15.8.9 that stems from the presence of a deserialization issue that allows an authenticated user to...
PT-2025-5829
Name of the Vulnerable Software and Affected Versions Trimble Cityworks versions prior to 15.8.9 Trimble Cityworks with office companion versions prior to 23.10 Description A deserialization vulnerability could allow an authenticated user to perform a remote code execution attack against a...