Trimble has issued a warning regarding a serious vulnerability in its Cityworks software, affecting versions prior to 15.8.9 and office companion versions earlier than 23.10. This vulnerability, identified as CVE-2025-0994, allows authenticated users to initiate remote command execution attacks on Microsoft IIS servers. The company's security experts have found that cybercriminals could exploit this flaw to deploy malware, including remote access tools. Trimble has released a patch and recommends three actions for administrators to secure their installations effectively.
The recently discovered vulnerability CVE-2025-0994 in Trimble's Cityworks software allows attackers to remotely execute commands on Microsoft IIS servers, posing serious risks.
Trimble urges administrators to install security updates, manage IIS permissions appropriately, and configure attachment directories to mitigate the risks associated with this vulnerability.