U.S. CISA adds Trimble Cityworks flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trimble Cityworks vulnerability to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Trimble Cityworks vulnerability, tracked as CVE-2025-0994, to its Known Exploited Vulnerabilities (KEV) catalog.
Trimble Cityworks is a GIS-centric asset management and permitting software designed for local governments, utilities, and public works organizations. It integrates with Esri’s ArcGIS to help manage infrastructure assets, track work orders, and streamline operations.
The vulnerability CVE-2025-0994 (CVSS v4 score of 8.6) is a deserialization of untrusted data issue. An attacker could trigger the flaw to achieve remote code execution.
“Successful exploitation of this vulnerability could allow an authenticated user to perform a remote code execution.” reads the CISA’s advisory. “This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.”
The vulnerability impacts versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10.
Trimble’s advisory includes Indicators of Compromise (IoCs) associated with a campaign exploiting this vulnerability to deploy a Rust-based loader, which launches Cobalt Strike, a Go-based remote access tool (VShell), and other unknown payloads.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix this vulnerability by February 28, 2025.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, CISA Known Exploited Vulnerabilities catalog)
目录
最新
- Denmark warns of increased state-sponsored campaigns targeting the European telcos
- SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 37
- Security Affairs newsletter Round 515 by Pierluigi Paganini – INTERNATIONAL EDITION
- A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down.
- New MassJacker clipper targets pirated software seekers
- Cisco IOS XR flaw allows attackers to crash BGP process on routers
- LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.
- SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks