CISA Warns of Active Exploitation in Trimble Cityworks Vulnerability Leading to IIS RCE
CISA Warns of Active Exploitation in Trimble Cityworks Vulnerability Leading to IIS RCE
07 February 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution.
"This could