CISA warns of active exploitation of Trimble Cityworks software
Gugu Ntsele Feb 24, 2025 8:41:09 AM

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an actively exploited security flaw in Trimble Cityworks asset management software, urging users to update their software to avoid potential attacks.
What happened
Trimble’s Cityworks software is a tool used by local governments, utilities, and other organizations to manage assets like roads, water systems, buildings, and equipment. It is built around geographic information systems (GIS), which use maps and spatial data to help users manage and track their physical infrastructure. This type of software helps organizations keep track of what assets they own, their condition, and when maintenance is needed.
A security flaw (CVE-2025-0994) was discovered in older versions of the Cityworks software, specifically those prior to 15.8.9, as well as older versions of the Cityworks Office Companion (prior to 23.10). The vulnerability allows attackers to execute harmful code on affected systems, which could give them control over important infrastructure data. CISA has warned that this flaw is being actively exploited in real-world cyberattacks, meaning cybercriminals are taking advantage of this weakness to launch attacks.
While Trimble has already released security patches to fix the issue, the vulnerability is still being targeted, putting users at risk of data compromise and disruption. It’s recommended that all affected users update to the latest versions of the software to protect their systems from this exploit.
What was said
In an advisory dated February 7, 2025, CISA described the vulnerability as follows: "This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server." CISA added: "CISA strongly encourages users and administrators to search for indicators of compromise (IOCs) and apply the necessary updates and workarounds."
Why it matters
This incident shows how a vulnerability in Trimble’s Cityworks software directly exposes vital infrastructure management systems to remote code execution attacks. Cityworks is widely used in asset management for public works, including maintaining roads, water systems, parks, and other community infrastructure. These systems are important to operating essential services such as water supply, waste management, transportation, and emergency services. A breach could lead to unauthorized access to sensitive data and disrupt the smooth running of these services. For example, an attacker could potentially alter data, causing delays in repairs or mismanagement of resources. The fact that cybercriminals are actively exploiting the flaw underscores the urgency for users to update their software, as failure to do so could lead to serious consequences.
The bottom line
With attacks targeting known vulnerabilities becoming more common, all users of Trimble Cityworks must update their software immediately to avoid falling victim to ongoing exploitation. Staying proactive in cybersecurity is essential to safeguarding data and systems from harm.
FAQs
Who is impacted by this vulnerability?
Organizations using versions of Cityworks prior to 15.8.9 and Cityworks Office Companion before 23.10 are at risk of exploitation.
What is the recommended action for affected users?
Users are urged to update to the latest versions of Cityworks and Cityworks Office Companion to mitigate the risk of exploitation.
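One way to turn the two version thresholds above into a patch-status check across an asset inventory, as an added example that is not from the article, CISA or Trimble. The hostnames and version strings in the sample inventory are constructed, and the product keys `cityworks` and `office_companion` are this example's own naming.

```python
# Added example (not from the article, CISA or Trimble): flag installed
# Cityworks / Office Companion versions that fall below the first fixed
# releases the advisory names for CVE-2025-0994.
import re
from typing import Iterable, List, Tuple

# First fixed versions as stated in the article.
FIXED_VERSIONS = {"cityworks": "15.8.9", "office_companion": "23.10"}

def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '15.8.9', 'v15.8.10' or ' 15.8.9.2 ' into a tuple of ints.

    Tuples of ints compare numerically, so 15.8.10 > 15.8.9; a plain string
    comparison gets this wrong ('15.8.10' < '15.8.9' lexically).
    """
    text = text.strip().lower().lstrip("v")
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def is_affected(product: str, installed: str) -> bool:
    """True when `installed` is older than the first fixed release of `product`."""
    return parse_version(installed) < parse_version(FIXED_VERSIONS[product])

def triage(inventory: Iterable[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the (host, product, version) rows that still need attention.
    Rows whose version cannot be parsed are flagged too: unknown is not patched."""
    needs_action = []
    for host, product, version in inventory:
        try:
            flagged = is_affected(product, version)
        except ValueError:
            flagged = True
        if flagged:
            needs_action.append((host, product, version))
    return needs_action

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("pw-app-01", "cityworks", "15.8.9"),
    ("pw-app-02", "cityworks", "15.8.10"),
    ("pw-app-03", "cityworks", "15.7.2"),
    ("gis-ws-11", "office_companion", "23.9"),
    ("gis-ws-12", "office_companion", "v23.10"),
    ("gis-ws-13", "office_companion", "unknown"),
]

for row in triage(SAMPLE_INVENTORY):
    print("needs update or review:", *row)
```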
What are indicators of compromise (IOCs)?
IOCs are signs that a system has been compromised, such as unusual network traffic, unauthorized file modifications, or changes in system behavior. CISA advises users to search for these signs as part of their mitigation efforts.