b2b-daily
Home | IT | Cyber Security

CISA Warns of Active Exploits Targeting Trimble Cityworks Software Flaw

Avatar photo
by Bairon McAdams
February 10, 2025
CISA Warns of Active Exploits Targeting Trimble Cityworks Software Flaw
Article Highlights
Off On

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding an actively exploited vulnerability in Trimble Cityworks, a GIS-centric asset management software. This vulnerability, identified as CVE-2025-0994, is a deserialization of untrusted data flaw that holds a CVSS v4 score of 8.6, allowing remote code execution by authenticated users on Microsoft’s IIS web server.

The vulnerability affects all versions of Cityworks prior to 15.8.9, as well as Cityworks with office companion versions before 23.10. In response to the identified risk, Trimble released patches aimed at fixing this vulnerability on January 29, 2025.

Despite these updates, CISA has reported continuous exploitation attempts targeting specific Cityworks deployments. Investigations reveal that these exploitation attempts involve a Rust-based loader deploying Cobalt Strike and a Go-based remote access tool named VShell, along with other unidentified payloads, thus emphasizing the critical nature of the problem.

CISA has added CVE-2025-0994 to its Known Exploited Vulnerabilities catalog, underscoring the necessity for Federal Civilian Executive Branch agencies to address and remediate this flaw by February 28, 2025. Users and administrators of the affected software versions are strongly urged to apply the necessary updates without delay. Additionally, they should actively search for indicators of compromise (IoCs) to ensure their systems are not already affected.

The advisory issued by CISA highlights the imperative of keeping software updated as a primary measure to mitigate the risks associated with known vulnerabilities. This is particularly crucial for those that are actively exploited in real-world attacks, like the one currently targeting Trimble Cityworks. Cybersecurity professionals and users must adopt a vigilant stance, prioritizing the application of patches and continuous monitoring for any signs of compromise. By doing so, they can effectively protect their systems and data from the ever-evolving landscape of cyber threats. As the situation evolves, staying informed and responsive remains essential for those aiming to maintain robust cybersecurity defenses.

Risk Management

Explore more

Falling Ether Prices Trigger DeFi Liquidation Stress
May 29, 2026

The sudden and precipitous decline of Ether prices below the critical psychological support level of $2,000 triggered a cascading wave of automated liquidations across the decentralized finance landscape, exposing the inherent fragility of highly leveraged on-chain positions. In May 2026, the market witnessed an unprecedented stress test when nearly $1 billion in digital assets were liquidated within a single twenty-four-hour

Bitcoin Faces Bear Market Risk as Key Technicals Falter
May 29, 2026

The digital asset landscape is currently grappling with a significant shift in momentum as Bitcoin struggles to maintain its footing above critical price thresholds that previously served as reliable foundations for bullish growth. Recent market movements have revealed a fragility that few anticipated during the optimistic rallies of the previous quarter, leading many analysts to suggest that a transition into

Can Project Agorá Modernize Global Cross-Border Payments?
May 29, 2026

The current infrastructure governing international financial transfers relies on a fragmented web of correspondent banking relationships that frequently result in delays, high costs, and a lack of transparency for businesses operating across borders. While domestic payment systems have undergone significant digital transformations, the mechanics of moving capital between different jurisdictions remain surprisingly antiquated, often involving manual reconciliations and multiple intermediary

Is Your Aging GPU Still Ready for 2026 AAA Games?
May 29, 2026

The rapid pace of technological advancement in the early part of this decade left many PC enthusiasts wondering if their expensive hardware would become obsolete within just a few years of its initial release. This concern was particularly prevalent during the early 2020s when rapid architectural leaps and the heavy demands of ray tracing made older hardware feel insufficient for

12GB RAM Becomes the New Standard for AI Phones in 2026
May 29, 2026

The mobile industry has reached a pivotal juncture where the internal specifications of a smartphone are no longer just about benchmarks or vanity metrics but are instead defined by the fundamental ability to process intelligence on the fly. For several years, manufacturers competed on superficial features like screen brightness or camera megapixels, yet the current landscape focuses almost entirely on