Known Exploited Vulnerabilities CVE-2025-0994

Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2025-0994 | Trimble Cityworks Deserialization Vulnerability | exploitation_technique | T1068 | Exploitation for Privilege Escalation | |
| CVE-2025-0994 | Trimble Cityworks Deserialization Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter | |

Comments (exploitation_technique, T1068)
A deserialization vulnerability in Trimble Cityworks versions before 15.8.9 (and Cityworks with Office Companion versions prior to 23.10) can be exploited by attackers who send maliciously crafted serialized objects to the server, resulting in escalated privileges that permit remote code execution against a target's Microsoft IIS web server.

Comments (primary_impact, T1059)
A deserialization vulnerability in Trimble Cityworks versions before 15.8.9 (and Cityworks with Office Companion versions prior to 23.10) can be exploited by attackers to execute remote code against a target web server.