CVE-2025-0994 — Trimble Cityworks Deserialization Vulnerability

Description

Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server.

How to fix CVE-2025-0994

No package mapping is available — consult the references below for vendor-specific guidance.

Is CVE-2025-0994 being exploited?

Yes — CVE-2025-0994 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.

Affected packages (0)

No package mapping in OSV.