{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T13:02:24.794","vulnerabilities":[{"cve":{"id":"CVE-2025-0994","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2025-02-06T16:15:41.493","lastModified":"2025-10-30T15:54:12.517","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server."},{"lang":"es","value":"Las versiones de Trimble CityWorks antes de 15.8.9 y Cityworks con versiones complementarias de la oficina antes de 23.10 son vulnerables a una vulnerabilidad de deserialización. Esto podría permitir que un usuario autenticado realice un ataque de ejecución de código remoto contra el servidor web de Información de Internet de Microsoft de Microsoft (IIS) de un cliente."}],"metrics":{"cvssMetricV40":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:H\/UI:N\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N\/E:X\/CR:X\/IR:X\/AR:X\/MAV:X\/MAC:X\/MAT:X\/MPR:X\/MUI:X\/MVC:X\/MVI:X\/MVA:X\/MSC:X\/MSI:X\/MSA:X\/S:X\/AU:X\/R:X\/V:X\/RE:X\/U:X","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"cisaExploitAdd":"2025-02-07","cisaActionDue":"2025-02-28","cisaRequiredAction":"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.","cisaVulnerabilityName":"Trimble Cityworks Deserialization Vulnerability","weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:trimble:cityworks:*:*:*:*:*:*:*:*","versionEndExcluding":"15.8.9","matchCriteriaId":"97280FE5-5F66-4B2B-88B0-6F6E671FF90A"},{"vulnerable":true,"criteria":"cpe:2.3:a:trimble:cityworks:*:*:*:*:*:*:*:*","versionStartIncluding":"23.0","versionEndExcluding":"23.10","matchCriteriaId":"E611E790-43D6-457E-8C82-E5CB157F14E3"}]}]}],"references":[{"url":"https:\/\/learn.assetlifecycle.trimble.com\/i\/1532182-cityworks-customer-communication-2025-02-05-docx\/0?","source":"ics-cert@hq.dhs.gov","tags":["Vendor Advisory"]},{"url":"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-25-037-04","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-0994","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}