CVE-2025-0994 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This c…
High KEV CVSS: 8.6

CVE-2025-0994

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.
Vendor
Trimble
Product
Cityworks
CWE
CWE-502
Yayın Tarihi
2025-02-06 16:15:41
Güncelleme
2025-10-30 15:54:12
Source Identifier
ics-cert@hq.dhs.gov
KEV Date Added
2025-02-07

Kategoriler

CWE-502 Cityworks HIGH Trimble 2025

Referanslar

https://learn.assetlifecycle.trimble.com/i/1532182-cityworks-customer-communication-2025-02-05-docx/0? https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0994