CVE-2025-0994: Trimble Cityworks Deserialization Vulnerability. Trimble

Trimble Cityworks Deserialization Vulnerability. Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server.

• CISA KEV-listed (remediation due 2025-02-28)
• EPSS 74.9% (98.9% percentile)

Browse the CVE database

Read the full analysis on IntelFusions