Known Exploited Vulnerability
0.0
NA
CVE-2025-0994
Trimble Cityworks Deserialization Vulnerability - [Actively Exploited]
Description

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.

INFO

Published Date :

Feb. 6, 2025, 4:15 p.m.

Last Modified :

Feb. 8, 2025, 2 a.m.

Source :

[email protected]

Remotely Exploitable :

No

Impact Score :

Exploitability Score :

CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server.

Required Action :

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes :

https://learn.assetlifecycle.trimble.com/i/1532182-cityworks-customer-communication-2025-02-05-docx/0?; https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0994

Public PoC/Exploit Available at Github

CVE-2025-0994 has a 2 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2025-0994 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

No affected product recoded yet

: Total Affected Vendor : 0 | Products : 0
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-0994.

URL Resource
https://learn.assetlifecycle.trimble.com/i/1532182-cityworks-customer-communication-2025-02-05-docx/0?
https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
rxerium/CVE-2025-0994

Cityworks deserialization of untrusted data vulnerability PoC

cisa cityworks cyber-security poc

Updated: 4 days, 14 hours ago
1 stars 0 fork 0 watcher
Born at : Feb. 7, 2025, 2:13 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
126789t/poc_everyday

自动搜集每天的漏洞poc和exp信息。

Updated: 5 hours, 48 minutes ago
8 stars 2 fork 2 watcher
Born at : Dec. 11, 2024, 12:32 a.m. This repo has been linked 91 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2025-0994 vulnerability anywhere in the article.

  • The Cyber Express
Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update

Apple has issued emergency updates to fix a critical security flaw that is actively being exploited in iOS and iPadOS. On February 10, the tech giant released out-of-band security patches to address a ... Read more

Published Date: Feb 11, 2025 (15 hours, 34 minutes ago)
CVE-2025-24200 CVE-2025-0994 CVE-2024-21893 CVE-2024-21887 CVE-2023-46805 CVE-2021-44228 CVE-2017-11882
  • The Cyber Express
CISA Flags Critical Trimble Cityworks Vulnerability (CVE-2025-0994) in KEV Catalog

The Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of a critical vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog. The vulnerability, identified as CV ... Read more

Published Date: Feb 10, 2025 (1 day, 17 hours ago)
CVE-2025-0994 CVE-2024-21893 CVE-2024-21887 CVE-2023-46805 CVE-2021-44228 CVE-2017-11882
  • The Hacker News
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February]

Cybersecurity / Weekly Recap In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket—each one se ... Read more

Published Date: Feb 10, 2025 (1 day, 17 hours ago)
CVE-2025-0994 CVE-2025-20125 CVE-2025-20124 CVE-2025-23114 CVE-2025-24648 CVE-2025-25181 CVE-2025-25065 CVE-2025-25064 CVE-2024-57968 CVE-2024-56161 ...+11 more CVE
  • The Register
DeepSeek's iOS app is a security nightmare, and that's before you consider its TikTok links

Infosec In Brief DeepSeek’s iOS app is a security nightmare that you should delete ASAP, according to researchers at mobile app infosec platform vendor NowSecure. The org have assessed the security of ... Read more

Published Date: Feb 10, 2025 (2 days, 3 hours ago)
CVE-2025-0994 CVE-2024-45195 CVE-2024-21413 CVE-2020-29574 CVE-2020-15069 CVE-2018-19410
  • TheCyberThrone
Apache James Denial-of-Service Vulnerabilities

The Apache James Mail Server has recently been identified as vulnerable to two distinct Denial-of-Service (DoS) attacks, tracked as CVE-2024-45626 and CVE-2024-37358 These vulnerabilities pose signifi ... Read more

Published Date: Feb 08, 2025 (3 days, 16 hours ago)
CVE-2025-0994 CVE-2024-45626 CVE-2024-37358 CVE-2025-23419 CVE-2025-24503 CVE-2025-21293 CVE-2024-51741 CVE-2024-46981 CVE-2024-34055
  • TheCyberThrone
CVE-2025-24503 impacts Symantec PAM

CVE-2025-24503 is a critical security vulnerability affecting Privileged Access Manager (PAM) solutions, specifically those provided by Symantec. This vulnerability, if exploited, can have severe cons ... Read more

Published Date: Feb 08, 2025 (3 days, 22 hours ago)
CVE-2025-0994 CVE-2025-23419 CVE-2025-24503 CVE-2025-21293 CVE-2024-51741 CVE-2024-46981
  • BleepingComputer
Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers

Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial networ ... Read more

Published Date: Feb 07, 2025 (4 days, 11 hours ago)
CVE-2025-0994
  • The Hacker News
CISA Warns of Active Exploitation in Trimble Cityworks Vulnerability Leading to IIS RCE

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in ... Read more

Published Date: Feb 07, 2025 (4 days, 17 hours ago)
CVE-2025-0994
  • TheCyberThrone
CVE-2025-0994 affects Trimble Cityworks

CVE-2025-0994 is a serious security vulnerability affecting Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10. This vulnerability can lead to remot ... Read more

Published Date: Feb 07, 2025 (4 days, 19 hours ago)
CVE-2025-0994 CVE-2025-23419 CVE-2025-0944 CVE-2025-21293 CVE-2024-51741 CVE-2024-46981 CVE-2024-53104
  • security.nl
Trimble Cityworks-lek actief gebruikt voor overnemen Microsoft IIS-servers

Aanvallers maken actief misbruik van een kwetsbaarheid in Trimble Cityworks voor het overnemen van Microsoft Internet Information Services (IIS) webservers. Trimble Cityworks is een 'asset managements ... Read more

Published Date: Feb 07, 2025 (4 days, 19 hours ago)
CVE-2025-0994

The following table lists the changes that have been made to the CVE-2025-0994 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Feb. 08, 2025

    Action Type Old Value New Value
    Added Date Added 2025-02-07
    Added Due Date 2025-02-28
    Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
    Added Vulnerability Name Trimble Cityworks Deserialization Vulnerability
  • CVE Modified by [email protected]

    Feb. 06, 2025

    Action Type Old Value New Value
    Changed Description Trimble Cityworks versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server. Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.
    Added Reference https://learn.assetlifecycle.trimble.com/i/1532182-cityworks-customer-communication-2025-02-05-docx/0?
  • New CVE Received by [email protected]

    Feb. 06, 2025

    Action Type Old Value New Value
    Added Description Trimble Cityworks versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.
    Added CVSS V4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CWE CWE-502
    Added Reference https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-0994 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2025-0994 weaknesses.

NONE - Vulnerability Scoring System
: