| A vulnerability has been discovered in Trimble Cityworks that could allow for remote code execution. Trimble Cityworks is a system that helps manage the lifecycle of assets for public infrastructure. It uses GIS (geographic information systems) to help with tasks such as permitting, licensing, construction, maintenance, and replacement. Successful exploitation of this vulnerability could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, threat actors could then install programs or view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. |
| Threat Intelligence The Cybersecurity and Infrastructure Security Agency (CISA) reports CVE-2025-0994 has been exploited in the wild. |
| Systems Affected |
| Cityworks: All versions prior to 15.8.9 Cityworks with office companion: All versions prior to 23.10 |
| Risk Government: – Large and medium government entities: High – Small government entities: Medium |
| Businesses: – Large and medium business entities: High – Small business entities: Medium |
| Home Users: Low |
| Recommendations |
| Apply appropriate updates provided by Trimble to vulnerable systems immediately after appropriate testing. Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. Use vulnerability scanning to find potentially exploitable software vulnerabilities to remediate them. Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed from the internal network. Configure separate virtual private cloud (VPC) instances to isolate critical cloud systems. Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. |