b2b-daily
Search
Close this search box.
Search
Close this search box.
Home | IT | Cyber Security

CISA Warns of Active Exploits Targeting Trimble Cityworks Software Flaw

Avatar photo
by Bairon McAdams
February 10, 2025
CISA Warns of Active Exploits Targeting Trimble Cityworks Software Flaw
Article Highlights
Off On

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding an actively exploited vulnerability in Trimble Cityworks, a GIS-centric asset management software. This vulnerability, identified as CVE-2025-0994, is a deserialization of untrusted data flaw that holds a CVSS v4 score of 8.6, allowing remote code execution by authenticated users on Microsoft’s IIS web server.

The vulnerability affects all versions of Cityworks prior to 15.8.9, as well as Cityworks with office companion versions before 23.10. In response to the identified risk, Trimble released patches aimed at fixing this vulnerability on January 29, 2025.

Despite these updates, CISA has reported continuous exploitation attempts targeting specific Cityworks deployments. Investigations reveal that these exploitation attempts involve a Rust-based loader deploying Cobalt Strike and a Go-based remote access tool named VShell, along with other unidentified payloads, thus emphasizing the critical nature of the problem.

CISA has added CVE-2025-0994 to its Known Exploited Vulnerabilities catalog, underscoring the necessity for Federal Civilian Executive Branch agencies to address and remediate this flaw by February 28, 2025. Users and administrators of the affected software versions are strongly urged to apply the necessary updates without delay. Additionally, they should actively search for indicators of compromise (IoCs) to ensure their systems are not already affected.

The advisory issued by CISA highlights the imperative of keeping software updated as a primary measure to mitigate the risks associated with known vulnerabilities. This is particularly crucial for those that are actively exploited in real-world attacks, like the one currently targeting Trimble Cityworks. Cybersecurity professionals and users must adopt a vigilant stance, prioritizing the application of patches and continuous monitoring for any signs of compromise. By doing so, they can effectively protect their systems and data from the ever-evolving landscape of cyber threats. As the situation evolves, staying informed and responsive remains essential for those aiming to maintain robust cybersecurity defenses.

Risk Management

Explore more

How Are B2B Marketers Adapting to Digital Shifts?
May 2, 2025

As technology continues its swift march forward, B2B marketers find themselves navigating a dynamic environment influenced by ever-evolving consumer behaviors and expectations. With digital transformation reshaping industries, businesses are tasked with embracing new tools and implementing strategies that not only enhance operational efficiency but also foster deeper connections with their target audiences. This shift necessitates an understanding of both the

Master Key Metrics for B2B Content Success in 2025
May 2, 2025

In the dynamic landscape of business-to-business (B2B) marketing, content holds its ground as an essential driver of business growth, continuously adapting to meet the evolving digital environment. As companies allocate more resources toward content strategies, deciphering the metrics that indicate success becomes not only advantageous but necessary. This discussion delves into crucial metrics defining B2B content success, providing insights into

Mindful Leadership Boosts Workplace Mental Health
May 2, 2025

The modern workplace landscape is increasingly acknowledging the profound impact of leadership styles on employee mental health, particularly highlighted during Mental Health Awareness Month. Leaders must do more than offer superficial perks like meditation apps to make a meaningful difference in well-being. True progress lies in incorporating genuine mental health priorities into organizational strategies, enhancing employee engagement, retention, and performance.

How Can Leaders Integrate Curiosity Into Development Plans?
May 2, 2025

In an ever-evolving business landscape demanding constant innovation, leaders are increasingly recognizing the power of curiosity as a key element for progress. Curiosity fuels the drive for exploration and adaptability, which are crucial in navigating contemporary challenges. Acknowledging this, the concept of Individual Development Plans (IDPs) has emerged as a strategic mechanism to cultivate a culture of curiosity within organizations.

How Can Strategic Benefits Attract Top Talent?
May 2, 2025

Amid the complexities of today’s workforce dynamics, businesses face significant challenges in their quest to attract and retain top talent. Despite the clear importance of salary, it is increasingly evident that competitive wages alone do not suffice to entice skilled professionals, especially in an era where employees value comprehensive benefits that align with their evolving needs. Companies must now adopt