CVE advisoryKnown Exploit
CVE-2025-0994
Trimble Cityworks Remote Code Execution Vulnerability.
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A deserialization vulnerability in Trimble Cityworks allows an authenticated user to execute remote code on the web server. This impacts organizations using the affected software, potentially leading to unauthorized access and service disruptions. Organizations should identify affected systems and apply vendor updates.