CVE-2025-0994: Trimble Cityworks Added to CISA Vulnerability Catalog

Published:

spot_img

Critical Cybersecurity Alert: New Vulnerability CVE-2025-0994 Identified in Trimble Cityworks

CISA Flags Critical Vulnerability in Trimble Cityworks, Urges Immediate Action

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability, identified as CVE-2025-0994, to its Known Exploited Vulnerabilities (KEV) Catalog. This vulnerability predominantly impacts Trimble Cityworks, a popular software utilized for asset management and geographic information system (GIS) applications. The flaw, known as the Trimble Cityworks Deserialization vulnerability, poses significant cybersecurity threats, especially to federal enterprises, as it enables attackers to execute remote code on compromised systems.

CVE-2025-0994 affects Trimble Cityworks versions prior to 15.8.9 and Cityworks with Office Companion versions earlier than 23.10. It allows authenticated users to potentially exploit the software, leading to serious security breaches. If the vulnerability is successfully exploited, attackers could gain control over a person’s Microsoft Internet Information Services (IIS) web server, risking the confidentiality, integrity, and availability of critical infrastructure data.

With a CVSS score of 8.6, CISA has ranked the severity of this vulnerability as High, highlighting the pressing need for organizations to address the issue. Trimble responded timely by releasing patches for both Cityworks 15.x and 23.x software versions on January 28 and 29, 2025. The updates, crucial for safeguarding against remote code execution attacks, were communicated urgently to customers, stressing the need for immediate action.

CISA’s inclusion of CVE-2025-0994 in its catalog underscores the escalating urgency to remedy such vulnerabilities within critical infrastructures. Organizations reliant on Trimble Cityworks are strongly advised to implement the necessary updates without delay, as remediating vulnerabilities like CVE-2025-0994 is vital to safeguard sensitive systems from potential attacks.

spot_img

Related articles

Recent articles

Three Russians Charged in $62M Cybercrime Scheme Targeting U.S. Infrastructure

Three Russians Charged in $62M Cybercrime Scheme Targeting U.S. Infrastructure In a significant development in the fight against cybercrime, three Russian nationals have been indicted...

Middle East Transforms Event Security: Designed to Welcome, Engineered to Protect

Middle East Transforms Event Security: Designed to Welcome, Engineered to Protect In recent years, the Middle East has emerged as a pivotal hub for global...

AI Transitions from Assisting Cyberattacks to Executing Them: Annual Report Reveals Alarming Shift

AI Transitions from Assisting Cyberattacks to Executing Them: Annual Report Reveals Alarming Shift In a significant development for cybersecurity, Check Point Software has released its...

Securonix Appoints Toby Weiss as CEO, Advancing Security Operations Amid Growing Threat Landscape

Securonix Appoints Toby Weiss as CEO, Advancing Security Operations Amid Growing Threat Landscape Securonix has announced the appointment of Toby Weiss as its new Chief...