CVE-2025-0994 - Trimble Cityworks Deserialization Vulnerability

CVE ID:CVE-2025-0994

Project:Trimble

Product:Cityworks

Date Added:2025-02-07Due Date:2025-02-28

Vulnerability Name

Trimble Cityworks Deserialization Vulnerability

Description

Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://learn.assetlifecycle.trimble.com/i/1532182-cityworks-customer-communication-2025-02-05-docx/0?

https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04

https://nvd.nist.gov/vuln/detail/CVE-2025-0994

Vulnerability Name

Description

Known To Be Used in Ransomware Campaigns?

Action

Additional Notes

Related News Articles