Home Trimble CVE-2025-0994
CRITICAL: THIS VULNERABILITY IS ACTIVELY BEING EXPLOITED IN THE WILD (CISA KEV CATALOG)
Back to Trimble

CVE-2025-0994

Exploited

Target: Cityworks - Web Server

Trimble CVSS 8.8 Updated March 10, 2026
Threat Level HIGH

Executive Risk Summary

"Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability, allowing an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server. This vulnerability poses a significant risk to the security and integrity of the affected systems, and immediate attention is required to mitigate the threat."

Operational Audit Arsenal

Target Type Web Server
Target Asset Microsoft Internet Information Services (IIS)
Standard Path Customer’s Web Server Infrastructure
PowerShell 
# 🛠️ Senior Engineer Universal Audit
# Target: Microsoft Internet Information Services (IIS) (Web Server)
$Target = "Microsoft Internet Information Services (IIS)"
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Filter $Target -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}

Patch Impact Forecast

Reboot Required Likely Required
Service Disruption

Potential Disruption to Web Services

Internal Work Notes

Apply updates to Trimble Cityworks to version 15.8.9 or later and Cityworks with office companion to version 23.10 or later to mitigate the deserialization vulnerability and prevent remote code execution attacks.

Intelligence Sources

Official Advisory https://learn.assetlifecycle.trimble.com/i/1532182-cityworks-customer-communication-2025-02-05-docx/0?
CISA KEV Catalog https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04
CISA KEV Catalog https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0994

Scope of Impact

Cityworks

Original NVD Description

"Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server."

Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.