CyberSecurity SEE

CVE-2025-0994 Trimble Cityworks Now Listed in CISA Catalog

The addition of a critical vulnerability to the Known Exploited Vulnerabilities (KEV) Catalog by the Cybersecurity and Infrastructure Security Agency (CISA) has brought attention to CVE-2025-0994, a significant risk affecting Trimble Cityworks software. This vulnerability, known as the Trimble Cityworks Deserialization vulnerability, allows attackers to execute remote code on vulnerable systems, posing a serious cybersecurity threat, particularly to federal enterprises.

CVE-2025-0994 affects Trimble Cityworks versions prior to 15.8.9 and Cityworks with Office Companion versions earlier than 23.10. The vulnerability allows an authenticated user to exploit the software and execute remote code on the affected system, compromising the Microsoft Internet Information Services (IIS) web server that hosts the application.

The severity of CVE-2025-0994 is classified as High by CISA due to its CVSS score of 8.6, highlighting the critical nature of the flaw. Deserialization vulnerabilities like this one are common attack vectors: an application that unserializes untrusted data can be made to process a malicious payload, potentially leading to severe security breaches. In this case, the IIS web server hosting Cityworks deployments becomes a prime target, putting critical data and services at risk for organizations relying on vulnerable versions of the software.

In response to the discovery of this vulnerability, Trimble took swift action by releasing security updates for both Cityworks 15.x and Cityworks 23.x software versions. These updates, made available to users in late January 2025, address the deserialization flaw and prevent remote code execution attacks. Trimble also communicated the importance of updating to the new versions immediately, reassuring users that the updates would be automatically applied to Cityworks Online (CWOL) deployments.

In the same communication, Trimble also identified overprivileged IIS identity permissions and improperly configured attachment directories as related security concerns. Users were given guidance on how to mitigate these risks, underscoring the company's commitment to addressing security issues promptly and effectively.

By including CVE-2025-0994 in the Known Exploited Vulnerabilities Catalog, CISA aims to raise awareness of the flaw and to prioritize the patching of critical vulnerabilities that are actively being exploited by cybercriminals. The catalog serves as a valuable resource for federal agencies and other organizations seeking to improve their cybersecurity posture, and it is regularly updated with newly discovered vulnerabilities threatening critical infrastructure.

To mitigate the risks associated with CVE-2025-0994, Trimble Cityworks users must apply the latest patches promptly, update to the recommended versions, and ensure proper configuration of IIS identity permissions and attachment directory settings. By remaining vigilant and addressing vulnerabilities like CVE-2025-0994, organizations can protect their infrastructure from malicious exploitation and safeguard sensitive systems from cybersecurity threats.
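The following PowerShell script is an added example, not code from Trimble or from the article, that turns the three mitigation points above into an audit an administrator can run on a Cityworks IIS host: it compares the installed version against the fixed releases the article names (15.8.9 and 23.10), flags an application pool running under an overprivileged identity, and flags an attachment directory that grants write access to broad groups. The application pool name, attachment directory path and installed version string are assumptions supplied as parameters.

```powershell
# Added audit example (not Trimble's own tooling). Run in an elevated
# PowerShell session on the IIS host; requires the WebAdministration module.
param(
    [string]$AppPoolName      = 'Cityworks',                   # assumption
    [string]$AttachmentDir    = 'D:\Cityworks\Attachments',    # placeholder path
    [string]$InstalledVersion = '15.8.8'                       # assumption; read from your install
)

Import-Module WebAdministration

# 1. Version check against the fixed releases named in the advisory:
#    15.x is fixed in 15.8.9, Cityworks with Office Companion (23.x) in 23.10.
function Test-CityworksVersionFixed {
    param([version]$Installed)
    switch ($Installed.Major) {
        15      { return $Installed -ge [version]'15.8.9' }
        23      { return $Installed -ge [version]'23.10' }
        default { return $false }   # unknown release line: treat as needing review
    }
}

$findings = @()
if (-not (Test-CityworksVersionFixed ([version]$InstalledVersion))) {
    $findings += "Cityworks $InstalledVersion is below the fixed release; apply the Trimble update."
}

# 2. Overprivileged IIS identity: the app pool should not run as LocalSystem
#    (ApplicationPoolIdentity or a dedicated low-privilege account is expected).
$pool = Get-Item "IIS:\AppPools\$AppPoolName" -ErrorAction Stop
$identity = $pool.processModel.identityType
if ($identity -eq 'LocalSystem') {
    $findings += "App pool '$AppPoolName' runs as LocalSystem; use a least-privilege identity."
}

# 3. Attachment directory ACL: broad groups must not have write/modify rights,
#    otherwise uploaded content can land where the web server will act on it.
$broadGroups = 'Everyone|BUILTIN\\Users|Authenticated Users'
$acl = Get-Acl -Path $AttachmentDir -ErrorAction Stop
$risky = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.IdentityReference.Value -match $broadGroups) -and
    ($_.FileSystemRights.ToString() -match 'FullControl|Modify|Write')
}
foreach ($ace in $risky) {
    $findings += "$AttachmentDir grants $($ace.FileSystemRights) to $($ace.IdentityReference); tighten the ACL."
}

if ($findings.Count -eq 0) { Write-Output 'No findings: version, app pool identity and attachment ACL look correct.' }
else { $findings | ForEach-Object { Write-Output "FINDING: $_" } }
```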
