Lucene search
K

20 matches found

Tenable Nessus
Tenable Nessus
added 2025/06/27 12:0 a.m.5 views

Trimble Cityworks 15.x < 15.8.9 / 23.x < 23.10 Deserialization RCE

The version of Trimble Cityworks installed on the remote host is 15.x prior to 15.8.9, or 23.x prior to 23.10. It is, therefore, affected by a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet...

8.8CVSS7.9AI score0.28261EPSS
Exploits0References3
HackRead
HackRead
added 2025/05/26 3:29 p.m.21 views

Chinese Hackers Exploit Cityworks 0-Day to Hit US Local Governments

Cisco Talos warns of active exploitation of a zero-day vulnerability CVE-2025-0994 in Cityworks supposedly by Chinese hackers from…...

8.6CVSS7.3AI score0.28261EPSS
Exploits0
The Hacker News
The Hacker News
added 2025/05/22 3:6 p.m.14 views

Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks

A Chinese-speaking threat actor tracked as UAT-6382 has been linked to the exploitation of a now-patched remote-code-execution vulnerability in Trimble Cityworks to deliver Cobalt Strike and VShell. "UAT-6382 successfully exploited CVE-2025-0944, conducted reconnaissance, and rapidly deployed a...

5.3CVSS9.5AI score0.01062EPSS
Exploits1
Talos Blog
Talos Blog
added 2025/05/22 10:0 a.m.38 views

UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware

Cisco Talos has observed exploitation of CVE-2025-0994, a remote-code-execution vulnerability in Cityworks, a popular asset management system. The Cybersecurity and Infrastructure Security Agency CISA and Trimble have both released advisories pertaining to this vulnerability, with Trimble's...

9.8CVSS8.9AI score0.28261EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added 2025/03/14 12:0 a.m.6 views

The vulnerability of the software for managing assets and processes in Cityworks and Cityworks with Office Companion, related to deficiencies in deserialization mechanisms, allows attackers to execute remote code.

The vulnerability of the Cityworks and Cityworks with Office Companion asset management and process management software lies in the deficiencies of the deserialization mechanism. Exploiting this vulnerability allows a remote attacker to execute malicious code remotely...

9CVSS7.7AI score0.28261EPSS
Exploits0References4Affected Software2
Tenable Nessus
Tenable Nessus
added 2025/02/25 12:0 a.m.4 views

Trimble Cityworks Web Detection

Binary data trimblecityworksdetect.nbin...

7.3AI score
Exploits0References1
CISA
CISA
added 2025/02/11 12:0 p.m.3 views

CISA Releases Two Industrial Control Systems Advisories

CISA released two Industrial Control Systems ICS advisories on February 11, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-319-17 2N Access Commander Update A ICSA-25-037-04 Trimble Cityworks Update A CISA...

7AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/08 4:25 p.m.9 views

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...

8.8CVSS8.9AI score0.28261EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2025/02/07 12:52 p.m.27 views

CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency CISA has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 CVSS v4 score: 8.6, a deserialization of...

8.6CVSS9.1AI score0.28261EPSS
Exploits0
CISA
CISA
added 2025/02/07 12:0 p.m.5 views

Trimble Releases Security Updates to Address a Vulnerability in Cityworks Software

CISA is collaborating with private industry partners to respond to reports of exploitation of a vulnerability CVE-2025-0994 discovered by Trimble impacting its Cityworks Server AMS Asset Management System. Trimble has released security updates and an advisory addressing a recently discovered...

8.8CVSS8.3AI score0.28261EPSS
In wildExploits0References2
CISA
CISA
added 2025/02/07 12:0 p.m.4 views

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0994link is external Trimble Cityworks Deserialization Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose...

8.8CVSS7.3AI score0.28261EPSS
In wildExploits0References6
OSV
OSV
added 2025/02/06 4:15 p.m.5 views

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...

8.8CVSS6.5AI score0.28261EPSS
Exploits0References3
NVD
NVD
added 2025/02/06 4:15 p.m.21 views

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...

8.8CVSS0.28261EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/02/06 4:1 p.m.28 views

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...

8.6CVSS0.28261EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/02/06 4:1 p.m.17 views

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...

8.6CVSS7.6AI score0.28261EPSS
Exploits0References2
CISA
CISA
added 2025/02/06 12:0 p.m.4 views

CISA Releases Six Industrial Control Systems Advisories

CISA released six Industrial Control Systems ICS advisories on February 6, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-037-01 Schneider Electric EcoStruxure Power Monitoring Expert PME ICSA-25-037-02...

7AI score
Exploits0References6
VulnCheck KEV
VulnCheck KEV
added 2025/02/06 12:0 a.m.5 views

VulnCheck KEV: CVE-2025-0994

Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services IIS web server...

8.8CVSS7.8AI score0.28261EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/02/06 12:0 a.m.92 views

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services I...

8.8CVSS7.6AI score0.28261EPSS
In wildExploits0References3
CNNVD
CNNVD
added 2025/02/06 12:0 a.m.4 views

Trimble Cityworks 安全漏洞

Trimble Cityworks is a top-tier GIS-centric platform for public asset lifecycle management and licensing from Trimble USA. A security vulnerability exists in Trimble Cityworks versions prior to 15.8.9 that stems from the presence of a deserialization issue that allows an authenticated user to...

8.8CVSS7.6AI score0.28261EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/06 12:0 a.m.7 views

PT-2025-5829

Name of the Vulnerable Software and Affected Versions Trimble Cityworks versions prior to 15.8.9 Trimble Cityworks with office companion versions prior to 23.10 Description A deserialization vulnerability could allow an authenticated user to perform a remote code execution attack against a...

9CVSS7.7AI score0.28261EPSS
Exploits0References127
Rows per page
Query Builder