b2b-daily
Home | IT | Cyber Security

CISA Warns of Active Exploits Targeting Trimble Cityworks Software Flaw

Avatar photo
by Bairon McAdams
February 10, 2025
CISA Warns of Active Exploits Targeting Trimble Cityworks Software Flaw
Article Highlights
Off On

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding an actively exploited vulnerability in Trimble Cityworks, a GIS-centric asset management software. This vulnerability, identified as CVE-2025-0994, is a deserialization of untrusted data flaw that holds a CVSS v4 score of 8.6, allowing remote code execution by authenticated users on Microsoft’s IIS web server.

The vulnerability affects all versions of Cityworks prior to 15.8.9, as well as Cityworks with office companion versions before 23.10. In response to the identified risk, Trimble released patches aimed at fixing this vulnerability on January 29, 2025.

Despite these updates, CISA has reported continuous exploitation attempts targeting specific Cityworks deployments. Investigations reveal that these exploitation attempts involve a Rust-based loader deploying Cobalt Strike and a Go-based remote access tool named VShell, along with other unidentified payloads, thus emphasizing the critical nature of the problem.

CISA has added CVE-2025-0994 to its Known Exploited Vulnerabilities catalog, underscoring the necessity for Federal Civilian Executive Branch agencies to address and remediate this flaw by February 28, 2025. Users and administrators of the affected software versions are strongly urged to apply the necessary updates without delay. Additionally, they should actively search for indicators of compromise (IoCs) to ensure their systems are not already affected.

The advisory issued by CISA highlights the imperative of keeping software updated as a primary measure to mitigate the risks associated with known vulnerabilities. This is particularly crucial for those that are actively exploited in real-world attacks, like the one currently targeting Trimble Cityworks. Cybersecurity professionals and users must adopt a vigilant stance, prioritizing the application of patches and continuous monitoring for any signs of compromise. By doing so, they can effectively protect their systems and data from the ever-evolving landscape of cyber threats. As the situation evolves, staying informed and responsive remains essential for those aiming to maintain robust cybersecurity defenses.

Risk Management

Explore more

How Is the New Wormable XMRig Malware Evolving?
February 27, 2026

The rapid transformation of cryptojacking from a minor background annoyance into a sophisticated, kernel-level security threat has forced global cybersecurity professionals to fundamentally rethink their entire defensive posture as the landscape continues to shift through 2026. While earlier versions of Monero-mining software were often content to quietly steal idle CPU cycles, the emergence of a new, wormable XMRig variant signals

AI-Driven Behavioral Intelligence – Review
February 27, 2026

The rapid proliferation of machine-learning-assisted malware has officially transformed the cybersecurity landscape into a high-stakes competition where static defense is no longer a viable strategy for survival. While traditional security measures once relied on a digital library of known threats to protect networks, the current environment demands a system capable of interpreting the intent behind a process rather than just

Trend Analysis: India AI Sovereignty and Evaluation Standards
February 27, 2026

While the global race to build the largest large language model often dominates technology headlines, a more subtle and arguably more consequential shift is occurring within the Indian subcontinent’s technological landscape. This transition marks a departure from the simple pursuit of “national champion” models toward a more sophisticated objective: the establishment of sovereign evaluation standards. As artificial intelligence becomes deeply

AI and Stolen Credentials Redefine Modern Enterprise Risk
February 27, 2026

The traditional castle-and-moat defense strategy has become an obsolete relic in an era where digital identities are the primary gateway for highly sophisticated global threat actors. Recent data suggests that enterprise risk has fundamentally transitioned from frequent but localized incidents toward high-impact disruptions that threaten the very fabric of systemic stability. This shift is punctuated by the emergence of identity

How Is AI Accelerating the Speed of Modern Cyberattacks?
February 27, 2026

Dominic Jainy brings a wealth of knowledge in artificial intelligence and blockchain to the table, offering a unique perspective on the modern threat landscape. As cybercriminals harness machine learning to automate exploitation, the gap between a vulnerability being discovered and a breach occurring is shrinking at an alarming rate. We sit down with him to discuss the shift toward identity-based