b2b-daily
Home | IT | Cyber Security

CISA Warns of Active Exploits Targeting Trimble Cityworks Software Flaw

Avatar photo
by Bairon McAdams
February 10, 2025
CISA Warns of Active Exploits Targeting Trimble Cityworks Software Flaw
Article Highlights
Off On

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding an actively exploited vulnerability in Trimble Cityworks, a GIS-centric asset management software. This vulnerability, identified as CVE-2025-0994, is a deserialization of untrusted data flaw that holds a CVSS v4 score of 8.6, allowing remote code execution by authenticated users on Microsoft’s IIS web server.

The vulnerability affects all versions of Cityworks prior to 15.8.9, as well as Cityworks with office companion versions before 23.10. In response to the identified risk, Trimble released patches aimed at fixing this vulnerability on January 29, 2025.

Despite these updates, CISA has reported continuous exploitation attempts targeting specific Cityworks deployments. Investigations reveal that these exploitation attempts involve a Rust-based loader deploying Cobalt Strike and a Go-based remote access tool named VShell, along with other unidentified payloads, thus emphasizing the critical nature of the problem.

CISA has added CVE-2025-0994 to its Known Exploited Vulnerabilities catalog, underscoring the necessity for Federal Civilian Executive Branch agencies to address and remediate this flaw by February 28, 2025. Users and administrators of the affected software versions are strongly urged to apply the necessary updates without delay. Additionally, they should actively search for indicators of compromise (IoCs) to ensure their systems are not already affected.

The advisory issued by CISA highlights the imperative of keeping software updated as a primary measure to mitigate the risks associated with known vulnerabilities. This is particularly crucial for those that are actively exploited in real-world attacks, like the one currently targeting Trimble Cityworks. Cybersecurity professionals and users must adopt a vigilant stance, prioritizing the application of patches and continuous monitoring for any signs of compromise. By doing so, they can effectively protect their systems and data from the ever-evolving landscape of cyber threats. As the situation evolves, staying informed and responsive remains essential for those aiming to maintain robust cybersecurity defenses.

Risk Management

Explore more

Can AI Restore Meaning and Purpose to the Modern Workplace?
May 19, 2026

The traditional boundaries of corporate efficiency are currently undergoing a radical transformation as organizations realize that silicon-based intelligence performs best when it serves as a scaffold for human creativity rather than a replacement for it. While artificial intelligence continues to reshape every corner of the global economy, the most successful enterprises are uncovering a profound truth: the ultimate value of

Trend Analysis: Generative AI in Talent Management
May 19, 2026

The rapid assimilation of generative artificial intelligence into the corporate structure has reached a point where the very tasks once considered the bedrock of professional apprenticeships are being systematically automated into oblivion. While the promise of near-instantaneous productivity is undeniably attractive to the modern executive, a quiet crisis is brewing beneath the surface of the organizational chart. This paradox of

B2B Marketing Must Pivot to Content Reinvestment by 2027
May 19, 2026

The traditional architecture of digital demand generation is currently fracturing under the immense weight of generative search engines that answer complex buyer queries without ever requiring a click. For over two decades, the operational framework of B2B marketing remained remarkably consistent, relying on a linear progression where search engine optimization drove traffic to corporate websites to exchange gated white papers

How Is AI Reshaping the Modern B2B Buyer Journey?
May 19, 2026

The silent transformation of the B2B buyer journey has reached a critical juncture where the majority of research occurs long before a sales representative ever enters the conversation. This shift toward self-directed, AI-facilitated exploration has redefined the requirements for agency leadership. To address these evolving dynamics, Allytics has officially promoted Jeff Wells to Vice President, placing him at the helm

FinTurk Launches AI-Powered CRM for Financial Advisors
May 19, 2026

The modern wealth management office often feels like a digital contradiction where advisors utilize sophisticated market algorithms while simultaneously fighting a losing battle against static spreadsheets and rigid database entries. For decades, the financial industry has tolerated customer relationship management systems that function more like electronic filing cabinets than dynamic business tools. FinTurk enters this landscape with a bold proposition