Trimble, a provider of technology solutions, has alerted users of its Cityworks software to a serious vulnerability (CVE-2025-0994) that allows remote code execution on IIS servers. This 'high severity' zero-day issue could enable external threat actors to exploit systems, particularly affecting local governments, utilities, and similar organizations. CISA has issued an advisory concerning the vulnerability, although it clarified that Cityworks is not a component of industrial control systems. Trimble's customers are urged to rectify overprivileged permissions and improper configurations to mitigate risks of exploitation.
Trimble warns customers of its Cityworks product about a high severity zero-day vulnerability (CVE-2025-0994) allowing remote code execution on Microsoft IIS servers.
CISA reported that the Cityworks software does not control industrial processes, despite its advisory indicating relevance to industrial control systems due to its sector use.
Collection
[
|
...
]