Hackers are hijacking government software to access sensitive servers
Posted by:
James Thompson
Hackers exploit vulnerability in Trimble’s Cityworks software, warns experts
Trimble, a software vendor, has issued a security patch to address a serious issue where cybercriminals are taking advantage of a flaw in the Cityworks product for Remote Code Execution attacks, specifically deploying Cobalt Strike beacons on Microsoft IIS servers.
Cityworks, utilized for managing infrastructure by local governments and utilities, was found to have a high-severity deserialization bug (CVE-2025-0994) allowing for RCE. Trimble advised immediate updates to versions 15.8.9 and 23.10, alongside rectifying overprivileged IIS identity permissions and incorrect attachment directory configurations.
The US CISA has stressed the urgency of applying these patches to prevent potential compromises, emphasizing the importance of impact analysis and risk assessment before implementing defensive measures. Organizations detecting suspicious activities are urged to report to CISA for further investigation and coordination against similar incidents.
Stay protected: Update your software to safeguard against potential cyber threats.
Recent Posts1
