
The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that a security flaw in Trimble Cityworks, a GIS-centric asset management software product, is under active exploitation in the wild.
The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that allows an attacker to execute code remotely.
“This allows authenticated users to carry out remote code execution attacks against their customers’ Microsoft Internet Information Services (IIS) web servers,” CISA said in its February 6, 2025 advisory.
The defect affects the following versions:
Cityworks (all versions prior to 15.8.9) and Cityworks with office companion (all versions prior to 23.10)
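The version thresholds above are the kind of thing that gets mis-compared by hand (15.8.10 sorts before 15.8.9 as a string, and 23.10 is not 23.1). The following is an added example, not tooling from Trimble or CISA, that checks an inventory of installed versions against the two fixed releases named in the advisory. The product-line keys, the version-string shapes and the sample inventory are assumptions constructed for the example.

```python
"""Triage installed Trimble Cityworks versions against CVE-2025-0994.

Added example, not Trimble's or CISA's code. The thresholds come from the
advisory text: Cityworks prior to 15.8.9 and Cityworks with office companion
prior to 23.10. Product keys and version-string formats are assumptions.
"""
from __future__ import annotations

import re

# First fixed release per product line (from the advisory).
FIXED_VERSIONS: dict[str, tuple[int, ...]] = {
    "cityworks": (15, 8, 9),
    "cityworks-office-companion": (23, 10),
}

_VERSION_RE = re.compile(r"\s*v?(\d+(?:\.\d+)*)")


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '15.8.9', 'v23.10.1' or '15.8.9-hotfix' into a tuple of ints.

    Numeric tuples compare correctly (15.8.10 > 15.8.9), unlike raw strings.
    Any non-numeric suffix after the dotted part is ignored.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(product: str, version: str) -> bool:
    """True when `version` is strictly below the first fixed release for `product`."""
    try:
        fixed = FIXED_VERSIONS[product]
    except KeyError:
        raise ValueError(f"unknown product {product!r}") from None
    installed = parse_version(version)
    # Pad with zeros so 23.10 and 23.10.0 are treated as the same release.
    width = max(len(installed), len(fixed))
    installed_padded = installed + (0,) * (width - len(installed))
    fixed_padded = fixed + (0,) * (width - len(fixed))
    return installed_padded < fixed_padded


def triage(inventory: list[tuple[str, str, str]]) -> list[tuple[str, bool]]:
    """Return (host, affected) for every (host, product, version) row."""
    return [(host, is_affected(product, version)) for host, product, version in inventory]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY: list[tuple[str, str, str]] = [
    ("gis-app-01", "cityworks", "15.8.8"),
    ("gis-app-02", "cityworks", "15.8.10"),
    ("gis-app-03", "cityworks-office-companion", "23.9.2"),
    ("gis-app-04", "cityworks-office-companion", "v23.10.0"),
]

if __name__ == "__main__":
    for host, affected in triage(SAMPLE_INVENTORY):
        print(f"{host}: {'AFFECTED - patch now' if affected else 'not affected'}")
```

Keep the product key distinct for the office-companion line: a 23.x build is not "above 15.8.9" in any meaningful sense, and comparing it against the wrong threshold would report it as safe when it is not.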

Trimble released patches for the flaw on January 29, 2025, but CISA warns that it has since been weaponized in real-world attacks.
The Colorado-headquartered company also said it has received reports of “fraudulent attempts to gain access to CityWorks deployments for certain customers.”
The indicators of compromise (IoCs) released by Trimble show that the vulnerability is being exploited to deliver Cobalt Strike and a Go-based remote access tool named VShell, along with other payloads that have not yet been identified.
It is currently not known who is behind the attacks or what the campaign’s ultimate goal is. Users running an affected version of the software are advised to update to the latest release and to review Trimble’s IoCs for signs of prior compromise, since patching closes the entry point but does not remove an attacker who already has a foothold.