CISA warns of vulnerability in Trimble's Cityworks Server

Cybersecurity and Infrastructure Security Agency (CISA) is collaborating with private industry partners to respond to reports of exploitation of a vulnerability (CVE-2025-0994) discovered by Trimble impacting its Cityworks Server Audit Management System (AMS) (Asset Management System). Trimble has released security updates and an advisory addressing a recently discovered deserialization vulnerability enabling an external actor to potentially conduct remote code execution (RCE) against a customer’s Microsoft Internet Information Services (IIS) web server.

CISA has added CVE-2025-0994 to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

CISA strongly encourages users and administrators to search for Indicators of Compromise (IOC) (IOCs) and apply the necessary updates and workarounds.

Review the following article for more information:

Trimble Advisory and IOCs for Vulnerability Affecting Cityworks Deployments

The Symantec Threat Hunter team, part of Broadcom, contributed to this guidance.

SEALSQ to invest $10 million in WISeSat.Space for satellite deployment and quantum key distribution

Enhancing Application Observability: Significance of ASN in IP Traffic Analysis

ONES enhances monitoring for Spectrum-X networks