- Trimble warns that Cityworks is being abused in RCE attacks
- The company released a patch to address the problem
- CISA warns users to apply the patch as soon as possible
Hackers are hijacking government software to access confidential servers, experts have warned.
The warning comes from software vendor Trimble, whose product appears to have been used in the attack. In a letter sent to its customers and partners, Trimble said it had observed threat actors abusing a deserialization vulnerability in its Cityworks product to achieve remote code execution (RCE) and deploy Cobalt Strike beacons on Microsoft Internet Information Services (IIS) servers.
Trimble Cityworks is a Geographic Information System (GIS)-centric asset management and permitting product designed to help local public services and utilities manage infrastructure, maintenance and operations efficiently. It was found to be vulnerable to CVE-2025-0994, a high-severity deserialization flaw that allows RCE, with a severity score of 8.6 (high).
Patching the flaw
“After our investigations of reports of unauthorized attempts to obtain access to specific customers' deployments, we have three updates to provide,” the company said in the letter. To address the threat, Trimble updated Cityworks 15.x to version 15.8.9 and 23.x to 23.10. It also warned that it had discovered some on-premises deployments with overprivileged IIS identity permissions, and added that some deployments have incorrect attachment directory configurations.
All of these must be addressed together to mitigate the threat and resume normal operations with Cityworks.
We do not know how big the attack is, or whether any organization was compromised as a result, but the US Cybersecurity and Infrastructure Security Agency (CISA) has published a coordinated advisory urging customers to apply the patches as soon as possible, BleepingComputer has found. “CISA reminds organizations to carry out an adequate impact analysis and a risk assessment before implementing defensive measures,” it said in the advisory.
“Organizations that observe suspected malicious activity must follow established internal procedures and report it to CISA for monitoring and correlation against other incidents.”
Via BleepingComputer