Hackers have successfully exploited a critical vulnerability in deployments of Cityworks, software used for GIS-centric asset and work order management, in high-severity remote code execution (RCE) attacks. The flaw, tracked as CVE-2025-0994 with a CVSS rating of 8.6/10, allows threat actors to execute malicious code on customers’ Microsoft web servers. Cityworks’ developer, Trimble, has issued a joint advisory with the US Cybersecurity and Infrastructure Security Agency (CISA) to address this alarming issue.
The implications of this vulnerability are significant, as several US cities and critical utilities rely on Cityworks for their asset management needs. Entities such as Greeley, Baltimore County, Newport News, Sacramento Suburban Water District, and Bay County Road Commission are among those at risk. A successful breach could result in service disruptions, exposure of sensitive data, and potential public safety threats. The urgency to patch this vulnerability cannot be overstated, as the consequences of a successful exploit could be severe.
Trimble is currently working on a fix for the vulnerability, which is set to be included in the upcoming software update. The company is committed to addressing this issue promptly to prevent further exploitation by malicious actors. In the meantime, users of Cityworks are urged to remain vigilant and implement any recommended security measures to mitigate the risk of a potential attack.
The collaborative effort between Trimble, CISA, and other stakeholders underscores the importance of cybersecurity in safeguarding critical infrastructure and sensitive data. As cyber threats continue to evolve and grow in sophistication, it is essential for organizations to stay ahead of potential vulnerabilities and take proactive steps to protect their systems and networks. The Cityworks RCE flaw serves as a stark reminder of the constant vigilance required to mitigate cyber risks and ensure the integrity of digital assets.
In conclusion, the Cityworks RCE vulnerability presents a significant risk to organizations that rely on this software for asset management. Prompt action is essential to address this issue and prevent potential exploitation by threat actors. By heeding the warnings and guidance provided by security experts, users can minimize the impact of this vulnerability and strengthen their overall cybersecurity posture. The ongoing effort to address this vulnerability underscores the collaborative nature of cybersecurity and the shared responsibility of all stakeholders in safeguarding critical systems and infrastructure.