b2b-daily
Home | IT | Cyber Security

CISA Warns of Active Exploits Targeting Trimble Cityworks Software Flaw

Avatar photo
by Bairon McAdams
February 10, 2025
CISA Warns of Active Exploits Targeting Trimble Cityworks Software Flaw
Article Highlights
Off On

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding an actively exploited vulnerability in Trimble Cityworks, a GIS-centric asset management software. This vulnerability, identified as CVE-2025-0994, is a deserialization of untrusted data flaw that holds a CVSS v4 score of 8.6, allowing remote code execution by authenticated users on Microsoft’s IIS web server.

The vulnerability affects all versions of Cityworks prior to 15.8.9, as well as Cityworks with office companion versions before 23.10. In response to the identified risk, Trimble released patches aimed at fixing this vulnerability on January 29, 2025.

Despite these updates, CISA has reported continuous exploitation attempts targeting specific Cityworks deployments. Investigations reveal that these exploitation attempts involve a Rust-based loader deploying Cobalt Strike and a Go-based remote access tool named VShell, along with other unidentified payloads, thus emphasizing the critical nature of the problem.

CISA has added CVE-2025-0994 to its Known Exploited Vulnerabilities catalog, underscoring the necessity for Federal Civilian Executive Branch agencies to address and remediate this flaw by February 28, 2025. Users and administrators of the affected software versions are strongly urged to apply the necessary updates without delay. Additionally, they should actively search for indicators of compromise (IoCs) to ensure their systems are not already affected.

The advisory issued by CISA highlights the imperative of keeping software updated as a primary measure to mitigate the risks associated with known vulnerabilities. This is particularly crucial for those that are actively exploited in real-world attacks, like the one currently targeting Trimble Cityworks. Cybersecurity professionals and users must adopt a vigilant stance, prioritizing the application of patches and continuous monitoring for any signs of compromise. By doing so, they can effectively protect their systems and data from the ever-evolving landscape of cyber threats. As the situation evolves, staying informed and responsive remains essential for those aiming to maintain robust cybersecurity defenses.

Risk Management

Explore more

Is Shadow AI Putting Your Small Business at Risk?
May 5, 2026

Behind the closed doors of modern office spaces, nearly half of the global workforce is currently leveraging unauthorized artificial intelligence tools to meet increasingly aggressive deadlines without the knowledge or consent of their management teams. This phenomenon, known as shadow AI, creates a sprawling underground economy of digital shortcuts that bypass traditional security protocols and oversight mechanisms. While these employees

Is AI-Driven Efficiency Killing Workplace Innovation?
May 5, 2026

The corporate landscape is currently witnessing an unprecedented surge in algorithmic optimization that paradoxically leaves human potential idling on the sidelines of progress. While digital dashboards report record-breaking speed and accuracy, the internal machinery of human ingenuity is beginning to rust from underuse. This friction between cold efficiency and warm creativity defines the modern office, where the pursuit of perfection

Is Efficiency Replacing Empathy in the AI-Driven Workplace?
May 5, 2026

The once-vibrant focus on expansive employee wellness programs and emotional support systems is rapidly yielding to a more clinical, data-driven architecture that prioritizes systemic output over individual sentiment. While the early part of this decade emphasized the human side of the workforce as a response to global instability, the current trajectory points toward a rigorous pursuit of optimization. Organizations are

5 ChatGPT Prompts to Build a Self-Sufficient Team
May 5, 2026

The moment a founder realizes that their physical presence is the primary obstacle to the growth of their organization, the true journey toward a scalable enterprise begins. Many entrepreneurs fall into the trap of perpetual micromanagement, believing that personal involvement in every micro-decision ensures quality and consistency. However, this level of control eventually becomes a debilitating bottleneck that limits the

Trend Analysis: Recycling Industry Automation
May 5, 2026

In the current landscape of global sustainability, municipal sorting facilities are grappling with a daunting forty percent employee turnover rate while simultaneously confronting extremely hazardous environmental conditions that jeopardize human safety on a daily basis. As these facilities struggle to maintain operations, a new generation of robotic colleagues is stepping onto the sorting floor to mitigate this chronic labor crisis.