CVE-2025-0994P1HIGHCVSS 8.8KEVfixed in 15.8.9·≥ 23.0, < 23.10+1 more2025-02-06
CVE-2025-0994 [HIGH] CWE-502 CVE-2025-0994: Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.
nvd