trimble News Articles

CISA Adds One Known Exploited Vulnerability to Catalog | CISA

CISA has added one vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0994(link is external) Trimble Cityworks Deserialization...

1 month ago

Chinese-speaking hackers targeting US municipalities with Cityworks bug

Since January, cybersecurity experts have seen Chinese-speaking hackers exploiting a bug impacting a tool used by local governments to manage critical infrastructure assets and other services.

1 month ago

Trimble Releases Security Updates to Address a Vulnerability in Cityworks Software | CISA

CISA is collaborating with private industry partners to respond to reports of exploitation of a vulnerability (CVE-2025-0994) discovered by Trimble impacting its Cityworks Server AMS (Asset Management...

1 month ago

Trimble Cityworks zero-day attacks on US local governments detailed

Analysis revealed the deployment of various backdoors by suspected Chinese-speaking threat actors.

Chinese hackers breach US local governments using Cityworks zero-day

Chinese-speaking hackers have exploited a now-patched Trimble Cityworks zero-day to breach multiple local governing bodies across the United States.

Trimble Cityworks: CVE-2025-0994: Active Exploitation

Learn about CVE-2025-0994 affecting Trimble Cityworks products. Patch now to prevent remote code execution.

Vulnerability in Cityworks leads to Microsoft IIS attacks

Trimble warns of a critical Cityworks vulnerability (CVE-2025-0994) and recommends quick updates and security measures.

Trimble Cityworks zero-day flaw under attack, patch now | TechTarget

Cityworks, an EAM product from software maker Trimble, has a newly disclosed zero-day vulnerability that is capable of remote code execution.

CVE-2025-0994 Trimble Cityworks Added To CISA Catalog

CISA adds CVE-2025-0994, a deserialization vulnerability in Trimble Cityworks, to its Known Exploited Vulnerabilities Catalog.

CVE-2025-0994 Trimble Cityworks Added To CISA Catalog

CISA adds CVE-2025-0994, a deserialization vulnerability in Trimble Cityworks, to its Known Exploited Vulnerabilities Catalog.

CISA warns Trimble Cityworks customers of actively exploited RCE flaw

Immediately patching is recommended due to the risk of RCE on Microsoft IIS web servers in critical infrastructure sectors.

CISA warns Trimble Cityworks customers of actively exploited RCE flaw

Immediately patching is recommended due to the risk of RCE on Microsoft IIS web servers in critical infrastructure sectors.

CISA Warns of Trimble Cityworks RCE Vulnerability Exploited to Hack IIS Servers

The vulnerability, identified as CVE-2025-0994, allows an external actor to exploit a deserialization flaw and execute arbitrary code on a customer's Microsoft Internet Information Services (IIS) web server.

U.S. CISA adds Trimble Cityworks flaw to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Trimble Cityworks vulnerability CVE-2025-0994 to its Known Exploited Vulnerabilities catalog.

Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers

Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access.

CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability

CISA warns of active attacks exploiting Trimble Cityworks CVE-2025-0994 (CVSS 8.6). Hackers deploy Rust-based malware, Cobalt Strike, and VShell.

CVE-2025-0994 affects Trimble Cityworks

CVE-2025-0994 is a serious security vulnerability affecting Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10. This vulnerability can lead to remote code execution, posing significant risks to affected systems.  This is due to the deserialization ...

Trimble Cityworks Customers Warned of Zero-Day Exploitation

Trimble Cityworks is affected by a zero-day vulnerability that has been exploited in attacks involving the delivery of malware.