b2b-daily
Home | IT | Cyber Security

CISA Warns of Active Exploits Targeting Trimble Cityworks Software Flaw

Avatar photo
by Bairon McAdams
February 10, 2025
CISA Warns of Active Exploits Targeting Trimble Cityworks Software Flaw
Article Highlights
Off On

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding an actively exploited vulnerability in Trimble Cityworks, a GIS-centric asset management software. This vulnerability, identified as CVE-2025-0994, is a deserialization of untrusted data flaw that holds a CVSS v4 score of 8.6, allowing remote code execution by authenticated users on Microsoft’s IIS web server.

The vulnerability affects all versions of Cityworks prior to 15.8.9, as well as Cityworks with office companion versions before 23.10. In response to the identified risk, Trimble released patches aimed at fixing this vulnerability on January 29, 2025.

Despite these updates, CISA has reported continuous exploitation attempts targeting specific Cityworks deployments. Investigations reveal that these exploitation attempts involve a Rust-based loader deploying Cobalt Strike and a Go-based remote access tool named VShell, along with other unidentified payloads, thus emphasizing the critical nature of the problem.

CISA has added CVE-2025-0994 to its Known Exploited Vulnerabilities catalog, underscoring the necessity for Federal Civilian Executive Branch agencies to address and remediate this flaw by February 28, 2025. Users and administrators of the affected software versions are strongly urged to apply the necessary updates without delay. Additionally, they should actively search for indicators of compromise (IoCs) to ensure their systems are not already affected.

The advisory issued by CISA highlights the imperative of keeping software updated as a primary measure to mitigate the risks associated with known vulnerabilities. This is particularly crucial for those that are actively exploited in real-world attacks, like the one currently targeting Trimble Cityworks. Cybersecurity professionals and users must adopt a vigilant stance, prioritizing the application of patches and continuous monitoring for any signs of compromise. By doing so, they can effectively protect their systems and data from the ever-evolving landscape of cyber threats. As the situation evolves, staying informed and responsive remains essential for those aiming to maintain robust cybersecurity defenses.

Risk Management

Explore more

Agentic AI Growth Systems – Review
May 7, 2026

The persistent failure of traditional marketing automation to address fragmented consumer behavior has finally reached a breaking point, necessitating a fundamental departure from rigid logic toward autonomous intelligence. For decades, the marketing technology sector operated on the assumption that a customer journey could be mapped and controlled through a series of “if-then” sequences. However, the sheer volume of digital touchpoints

Support Employee Wellbeing by Simplifying Wellness Initiatives
May 7, 2026

The modern professional landscape is currently saturated with a dizzying array of wellness programs that often leave employees feeling more exhausted than rejuvenated by the sheer volume of choices. Many organizations have traditionally operated under the assumption that more is better, offering everything from mindfulness apps and yoga sessions to complex nutritional workshops and competitive step challenges. However, the sheer

Baby Boomers vs. Gen Z: A Comparative Analysis
May 7, 2026

The modern office is no longer a monolith of shared experiences; instead, it has become a complex ecosystem where individuals born during the post-war era collaborate daily with digital natives who have never known a world without high-speed internet. This unprecedented age diversity is the defining characteristic of the current labor market, which now features four distinct generations working side-by-side.

Workplace AI Integration – Review
May 7, 2026

Corporate executives across the globe are no longer questioning whether artificial intelligence belongs in the office but are instead scrambling to master its integration before their competitors render them obsolete. This technological shift represents more than just a software upgrade; it is a fundamental restructuring of how business logic is executed across departments. Workplace AI has transitioned from a series

Is Your CRM a System of Record or a System of Execution?
May 7, 2026

The enterprise software landscape is currently undergoing a radical transformation as businesses abandon static databases in favor of intelligent engines that can actually finish the work they track. ServiceNow Autonomous CRM serves as a primary catalyst for this change, positioning itself not merely as a repository for customer information but as an active participant in operational workflows. By integrating agentic