CVE-2025-0994NVD

Vulnerability Summary

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.

Severity Level

HIGH(8.6)

Published Date

Feb 6, 2025

Last Modified

Feb 12, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-502: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v4.0 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredHigh

User InteractionNone

External References

https://learn.assetlifecycle.trimble.com/i/1532182-cityworks-customer-communication-2025-02-05-docx/0?
https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-0994NVD

Vulnerability Summary

External References