Source URL: https://www.cisa.gov/news-events/alerts/2025/02/07/trimble-releases-security-updates-address-vulnerability-cityworks-software
Source: Alerts
Title: Trimble Releases Security Updates to Address a Vulnerability in Cityworks Software
Feedly Summary: CISA is collaborating with private industry partners to respond to reports of exploitation of a vulnerability (CVE-2025-0994) discovered by Trimble impacting its Cityworks Server AMS (Asset Management System). Trimble has released security updates and an advisory addressing a recently discovered a deserialization vulnerability enabling an external actor to potentially conduct remote code execution (RCE) against a customer’s Microsoft Internet Information Services (IIS) web server.
CISA has added CVE-2025-0994 to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CISA strongly encourages users and administrators to search for indicators of compromise (IOCs) and apply the necessary updates and workarounds.
Review the following article for more information:
Trimble Advisory and IOCs for Vulnerability Affecting Cityworks Deployments
The Symantec Threat Hunter team, part of Broadcom, contributed to this guidance.
AI Summary and Description: Yes
Summary: The text discusses the collaboration between CISA and private industry to address a newly discovered vulnerability in Trimble’s Cityworks Server AMS, highlighting significant security implications that can lead to remote code execution. The active exploitation of this vulnerability necessitates immediate action from users and administrators.
Detailed Description:
– **Collaboration and Response**: CISA is working with private industry partners to mitigate the risks associated with CVE-2025-0994, a vulnerability found in Trimble’s Cityworks Server AMS.
– **Discovery of Vulnerability**: The identified deserialization vulnerability allows external actors the potential to execute remote code on affected systems, specifically Microsoft Internet Information Services (IIS) web servers.
– ** Vectors of Exploitation**: The mention of “active exploitation” signifies that this vulnerability is being actively targeted, which underscores the urgency for organizations to prioritize remediation.
– **CISA’s Actions**:
– CISA has added CVE-2025-0994 to its Known Exploited Vulnerabilities Catalog, signaling its significance in the cybersecurity landscape.
– The urgency in CISA’s communication encourages users and administrators to proactively look for indicators of compromise (IOCs) linked to the vulnerability.
– **Security Updates and Guidance**: Trimble has released security updates and an advisory, emphasizing the importance of applying these updates to protect systems from potential attacks.
– **Contribution of Symantec**: The involvement of the Symantec Threat Hunter team, part of Broadcom, highlights collaborative efforts in threat detection and management.
**Key Takeaways**:
– The vulnerability poses a direct threat to systems using Cityworks Server AMS, which is prevalent in asset management scenarios.
– Organizations leveraging these systems should conduct immediate security assessments to apply updates and patch vulnerabilities to avoid exploitation.
– Continuous monitoring and threat-hunting activities are critical in identifying and mitigating associated risks.
In summary, this situation serves as a potent reminder of the ever-evolving threat landscape in cybersecurity and the need for organizations to maintain robust security practices, especially concerning known vulnerabilities and their active exploitation.