CISA: Trimble Releases Security Updates to Address a Vulnerability in Cityworks Software
Trimble Releases Security Updates to Address a Vulnerability in Cityworks Software
CISA is collaborating with private industry partners to respond to reports of exploitation of a vulnerability (CVE-2025-0994) discovered by Trimble impacting its Cityworks Server AMS (Asset Management System). Trimble has released security updates and an advisory addressing a recently discovered a deserialization vulnerability enabling an external actor to potentially conduct remote code execution (RCE) against a customer’s Microsoft Internet Information Services (IIS) web server.
CISA has added CVE-2025-0994 to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CISA strongly encourages users and administrators to search for indicators of compromise (IOCs) and apply the necessary updates and workarounds.
Review the following article for more information:
The Symantec Threat Hunter team, part of Broadcom, contributed to this guidance.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
