CVE-2025-0994

CVSS 3.1 Score 8.8 of 10 (HIGH)

  • Attack Complexity: LOW
  • Confidentiality: HIGH
  • Integrity: HIGH
  • Availability: HIGH
  • Scope: UNCHANGED
  • Privileges Required: LOW

Summary

CVE-2025-0994 is a deserialization vulnerability affecting Trimble Cityworks versions below 15.8.9 and Cityworks with office companion versions prior to 23.10. An authenticated user can exploit this issue to achieve remote code execution on a customer's Microsoft Internet Information Services (IIS) web server. This vulnerability poses a severe risk to organizations running these Cityworks versions, as it could lead to unauthorized system takeover and data breaches.

Details
  • Published: 2025-02-06T16:15:41.493Z
  • Updated: 2025-02-12T19:29:30.383Z
  • CWE ID: CWE-502
Affected Products

Trimble Cityworks

Affected Vendors

Trimble Inc.

Advisories, Assessments, and Mitigations