CVE-2025-0994

HIGH 8.6 (CVSS 4.0)
2025-02-06

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: X

Lifecycle Timeline

Analysis Generated: Mar 28, 2026 - 18:25 (vuln.today)
Added to CISA KEV: Oct 30, 2025 - 15:54 (cisa)
CVE Published: Feb 06, 2025 - 16:15 (nvd), HIGH 8.6

Description

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.

Analysis

The Trimble Cityworks asset management platform contains a deserialization vulnerability that allows authenticated users to achieve remote code execution on the IIS web server hosting the application.

Technical Context

The flaw is a CWE-502 deserialization issue: the application deserializes untrusted serialized data supplied by authenticated users. The .NET deserialization executes in the context of the IIS application pool, which allows OS command execution on the web server.

Affected Products

Trimble Cityworks before 15.8.9
Trimble Cityworks with Office Companion before 23.10

Remediation

Update Cityworks to a fixed version (15.8.9 or later; 23.10 or later for Cityworks with Office Companion). Implement .NET serialization filtering. Restrict application access to authorized users. Monitor IIS for suspicious process execution.
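One way to act on the advice to monitor IIS for suspicious process execution, as an added example (not code from Trimble or vuln.today). It assumes process-creation telemetry exported as JSON lines with Sysmon Event ID 1 field names (ParentImage, Image, User, CommandLine); the watch list, the allow-list, the pool name and the sample events are constructed for illustration.

```python
import json
import ntpath

# IIS application pools run in w3wp.exe, so code executed through the
# deserialization flaw appears as a child process of that worker.
IIS_WORKER = "w3wp.exe"
# Assumed watch list: interpreters and tools a web application rarely starts.
SUSPICIOUS = {"cmd.exe", "powershell.exe", "pwsh.exe", "cscript.exe",
              "wscript.exe", "mshta.exe", "rundll32.exe", "certutil.exe"}
# ASP.NET dynamic compilation legitimately starts these from w3wp.exe.
EXPECTED = {"csc.exe", "vbc.exe", "cvtres.exe"}

# Constructed sample events (not taken from a real incident); the last is truncated.
SAMPLE_EVENTS = [
    r'{"ParentImage": "C:\\Windows\\System32\\inetsrv\\w3wp.exe", "Image": "C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe", "User": "IIS APPPOOL\\ExamplePool", "CommandLine": "csc.exe /noconfig @tmp.cmdline"}',
    r'{"ParentImage": "C:\\Windows\\System32\\inetsrv\\w3wp.exe", "Image": "C:\\Windows\\System32\\cmd.exe", "User": "IIS APPPOOL\\ExamplePool", "CommandLine": "cmd.exe /c whoami"}',
    r'{"ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "User": "EXAMPLE\\admin", "CommandLine": "powershell.exe"}',
    r'{"ParentImage": "C:\\Windows\\System32\\inetsrv\\w3wp.exe", "Image": "C:\\Temp\\updater.exe", "User": "IIS APPPOOL\\ExamplePool", "CommandLine": "updater.exe"}',
    r'{"ParentImage": "C:\\Windows\\System32\\inetsrv\\w3wp.exe", "Image": "C:\\Win',
]

def base_name(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path or "").lower()

def triage(lines):
    """Return (alerts, unparsed_count) for JSON-lines process-creation events."""
    alerts, unparsed = [], 0
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            unparsed += 1  # count damaged records so gaps in coverage are visible
            continue
        if not isinstance(event, dict) or base_name(event.get("ParentImage")) != IIS_WORKER:
            continue
        child = base_name(event.get("Image"))
        if child in EXPECTED:
            continue
        # Known shells and script hosts are high severity; any other unexpected
        # child of the worker still goes to an analyst for review.
        alerts.append({"severity": "high" if child in SUSPICIOUS else "review",
                       "child": child, "user": event.get("User"),
                       "command_line": event.get("CommandLine")})
    return alerts, unparsed

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS)[0]:
        print(alert)
```

Tune the allow-list against a baseline from the server itself before alerting on the "review" tier, since legitimate integrations may also start child processes from the worker.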

Priority Score

169 (KEV: +50, EPSS: +76.0, CVSS: +43, POC: 0)
