Urgent Security Update Required: Trimble Cityworks Targeted by Malware Attacks

Administrators using Trimble's Cityworks asset management system are urged to take immediate action following reports of malware attacks exploiting a critical vulnerability. The Cybersecurity & Infrastructure Security Agency (CISA) has issued warnings regarding these ongoing threats, emphasizing the necessity for timely updates to safeguard sensitive data.

Cityworks is widely utilized in government agencies and utility companies to manage capital resources and workflows. Given its critical role, system administrators must not delay in applying the security patch. The extent of the attacks remains unclear, but the warning from CISA highlights the urgency for users to act swiftly.

According to Trimble, affected on-premises clients must upgrade to secure versions 15.8.9 or 23.10, as all earlier versions are deemed vulnerable. Cityworks Online Deployments (CWOL) are reportedly already protected from these threats.

The vulnerability identified as CVE-2025-0994, rated with a CVSS score of 8.6, indicates a high-risk factor. Attackers are reportedly exploiting this flaw to execute malicious code within the context of Microsoft's Internet Information Services (IIS). While the details on the execution of these attacks are still being investigated, it has been noted that attackers must be authenticated to successfully exploit the vulnerability.

In its advisory, Trimble provides guidance for administrators on recognizing compromised systems by monitoring specific Indicators of Compromise (IOCs), which include particular file names and IP addresses associated with the attacks.

To enhance system defenses beyond just applying the security patch, Trimble's developers recommend several essential security practices. For instance, it is crucial that IIS does not operate with administrative privileges in all areas. Additionally, administrators should ensure that the configuration of attachment directories adheres to security best practices. More detailed advice can be found within the Cityworks support portal.

In light of these developments, the urgency for organizations to bolster their cybersecurity measures cannot be overstated. Implementing the necessary updates and adhering to recommended security protocols are vital steps in protecting against potential threats.