b2b-daily
Home | IT | Cyber Security

CISA Warns of Active Exploits Targeting Trimble Cityworks Software Flaw

Avatar photo
by Bairon McAdams
February 10, 2025
CISA Warns of Active Exploits Targeting Trimble Cityworks Software Flaw
Article Highlights
Off On

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning regarding an actively exploited vulnerability in Trimble Cityworks, a GIS-centric asset management software. This vulnerability, identified as CVE-2025-0994, is a deserialization of untrusted data flaw that holds a CVSS v4 score of 8.6, allowing remote code execution by authenticated users on Microsoft’s IIS web server.

The vulnerability affects all versions of Cityworks prior to 15.8.9, as well as Cityworks with office companion versions before 23.10. In response to the identified risk, Trimble released patches aimed at fixing this vulnerability on January 29, 2025.

Despite these updates, CISA has reported continuous exploitation attempts targeting specific Cityworks deployments. Investigations reveal that these exploitation attempts involve a Rust-based loader deploying Cobalt Strike and a Go-based remote access tool named VShell, along with other unidentified payloads, thus emphasizing the critical nature of the problem.

CISA has added CVE-2025-0994 to its Known Exploited Vulnerabilities catalog, underscoring the necessity for Federal Civilian Executive Branch agencies to address and remediate this flaw by February 28, 2025. Users and administrators of the affected software versions are strongly urged to apply the necessary updates without delay. Additionally, they should actively search for indicators of compromise (IoCs) to ensure their systems are not already affected.

The advisory issued by CISA highlights the imperative of keeping software updated as a primary measure to mitigate the risks associated with known vulnerabilities. This is particularly crucial for those that are actively exploited in real-world attacks, like the one currently targeting Trimble Cityworks. Cybersecurity professionals and users must adopt a vigilant stance, prioritizing the application of patches and continuous monitoring for any signs of compromise. By doing so, they can effectively protect their systems and data from the ever-evolving landscape of cyber threats. As the situation evolves, staying informed and responsive remains essential for those aiming to maintain robust cybersecurity defenses.

Risk Management

Explore more

Is Data Architecture More Important Than AI Models?
March 9, 2026

The glistening promise of an autonomous enterprise often shatters against the reality of a fragmented database that cannot distinguish a customer’s lifetime value from a simple transaction code. For several years, the technology sector has remained fixated on the sheer cognitive acrobatics of large language models, treating every incremental update to GPT or Claude as a definitive solution to complex

Six Post-Purchase Moments That Drive Customer Lifetime Value
March 9, 2026

The instant a digital transaction reaches completion, a profound and often ignored psychological transformation occurs within the mind of the modern consumer as they pivot from excitement to scrutiny. While the majority of contemporary brands commit their entire marketing budgets to the initial pursuit of a sale, they frequently vanish the very second a credit card is authorized. This abrupt

The Future of Marketing Automation: Trends and Growth Through 2026
March 9, 2026

Aisha Amaira is a leading MarTech strategist with a profound focus on the intersection of customer data platforms and automated innovation. With years of experience helping brands navigate the complexities of CRM integration, she specializes in transforming technical infrastructure into high-growth engines. In this conversation, we explore the evolving landscape of marketing automation, the financial frameworks required to justify large-scale

How Can Autonomous AI Agents Personalize Global Marketing?
March 9, 2026

Aisha Amaira is a distinguished MarTech strategist who has spent years at the intersection of customer data platforms and automated engagement. With a deep background in CRM technology, she specializes in transforming rigid, manual marketing architectures into fluid, insight-driven ecosystems. Her work focuses on helping brands move past the technical debt of traditional automation to embrace a future where technology

Is It Game Over for Authenticity in Job Interviews?
March 9, 2026

Ling-yi Tsai has spent decades at the intersection of human capital and technical innovation, helping organizations navigate the messy realities of digital transformation and behavioral change. With a deep focus on HR analytics and talent management systems, she understands that the data behind a hire is often just as important as the cultural “vibe” a manager senses during a first