Categories: US-Cert-RepositoryUS-Cert-RepositoryUS-Cert-RepositoryUS-Cert-RepositoryUS-Cert-RepositoryUS-Cert-RepositoryUS-Cert-RepositoryUS-Cert-RepositoryUS-Cert-Repository

Trimble Releases Security Updates to Address a Vulnerability in Cityworks Software

CISA is collaborating with private industry partners to respond to reports of exploitation of a vulnerability (CVE-2025-0994) discovered by Trimble impacting its Cityworks Server AMS (Asset Management System). Trimble has released security updates and an advisory addressing a recently discovered deserialization vulnerability enabling an external actor to potentially conduct remote code execution (RCE) against a customer’s Microsoft Internet Information Services (IIS) web server.

CISA has added CVE-2025-0994 to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CISA strongly encourages users and administrators to search for indicators of compromise (IOCs) and apply the necessary updates and workarounds.

Review the following article for more information:

Trimble Advisory and IOCs for Vulnerability Affecting Cityworks Deployments

The Symantec Threat Hunter team, part of Broadcom, contributed to this guidance.

Source link

admin

Previous « CISA Adds Five Known Exploited Vulnerabilities to Catalog

This website uses cookies.

Trimble Releases Security Updates to Address a Vulnerability in Cityworks Software

Recent Posts

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA Releases Four Industrial Control Systems Advisories

CISA Releases the JCDC AI Cybersecurity Collaboration Playbook and Fact Sheet

Adobe Releases Security Updates for Multiple Products