Close Menu
  • Home
  • Identity
  • Inventions
  • Future
  • Science
  • Startups
  • Spanish
What's Hot

Includes Microsoft Patch 130 vulnerabilities, important flaws in SPNEGO and SQL Server

Changing your approach to antibiotics

European VCs break taboos by investing in pure defense technology from the Ukrainian war zone

Facebook X (Twitter) Instagram
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
Facebook X (Twitter) Instagram
Fyself News
  • Home
  • Identity
  • Inventions
  • Future
  • Science
  • Startups
  • Spanish
Fyself News
Home » CISA warns about aggressive exploits targeting the Trimble CityWorks vulnerability
Identity

CISA warns about aggressive exploits targeting the Trimble CityWorks vulnerability

userBy userFebruary 7, 2025No Comments2 Mins Read
Share Facebook Twitter Pinterest Telegram LinkedIn Tumblr Email Copy Link
Follow Us
Google News Flipboard
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link

February 7, 2025Hacker NewsVulnerability/Malware

Trimble CityWorks Vulnerabilities

The US Cybersecurity and Infrastructure Security Agency (CISA) warns that security flaws affecting Trimble CityWorks GIS-centric asset management software under active exploitation in the wild.

The vulnerability in question is CVE-2025-0994 (CVSS V4 score: 8.6). This is a need to disable untrusted data bug that allows attackers to execute remote code.

“This allows authenticated users to carry out remote code execution attacks against their customers’ Microsoft Internet Information Services (IIS) web servers,” CISA said in its February 6, 2025 advisory.

The defect affects the next version –

CityWorks (all versions prior to 15.8.9) Office companion and CityWorks (all versions prior to 23.10)

Cybersecurity

Trimble has released a patch to address security flaws as of January 29, 2025, but CISA warns that they have been weaponized in real attacks.

The Colorado headquarters also said it has received reports of “fraudulent attempts to gain access to CityWorks deployments for certain customers.”

The Compromise Indicator (IOC) released by Trimble indicates that the vulnerability is being exploited. This has unidentified payloads, especially those that are unidentified, such as GO-based remote access tools named Cobalt Strike and VShell.

It is currently unknown who is behind the attack and what the campaign’s ultimate goal is. Users running an affected version of the software are advised to update their instances to the latest version for optimal protection.

Did you find this article interesting? This article is a donation from one of our precious partners. Follow us on Twitter and LinkedIn to read exclusive content you post.

Source link

Follow on Google News Follow on Flipboard
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Previous ArticleA coalition of US states filed lawsuit after masked dogs gain access to American personal data
Next Article Pure Communications Group has been recognized as a Power 30 Sustainable Agency
user
  • Website

Related Posts

Includes Microsoft Patch 130 vulnerabilities, important flaws in SPNEGO and SQL Server

July 9, 2025

Hackers use leaked shelter tool licenses to spread Lumma Stealer and Sectoprat malware

July 8, 2025

Anatsa Android Banking Trojan hits 90,000 users with fake PDF apps on Google Play

July 8, 2025
Add A Comment
Leave A Reply Cancel Reply

Latest Posts

Includes Microsoft Patch 130 vulnerabilities, important flaws in SPNEGO and SQL Server

Changing your approach to antibiotics

European VCs break taboos by investing in pure defense technology from the Ukrainian war zone

Langchain is about to become a unicorn, sources say

Trending Posts

Subscribe to News

Subscribe to our newsletter and never miss our latest news

Please enable JavaScript in your browser to complete this form.
Loading

Welcome to Fyself News, your go-to platform for the latest in tech, startups, inventions, sustainability, and fintech! We are a passionate team of enthusiasts committed to bringing you timely, insightful, and accurate information on the most pressing developments across these industries. Whether you’re an entrepreneur, investor, or just someone curious about the future of technology and innovation, Fyself News has something for you.

Robots Play Football in Beijing: A Glimpse into China’s Ambitious AI Future

TwinH: A New Frontier in the Pursuit of Immortality?

Meta’s Secret Weapon: The Superintelligence Unit That Could Change Everything 

Unlocking the Power of Prediction: The Rise of Digital Twins in the IoT World

Facebook X (Twitter) Instagram Pinterest YouTube
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
© 2025 news.fyself. Designed by by fyself.

Type above and press Enter to search. Press Esc to cancel.