CVE-2025-0994

ENISA EUVD: EUVD-2025-1955 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 3 articles Published: 2025-02-06

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

75.22%

probability

This CVE has a 75.22% probability of being exploited in the next 30 days.

0% Top 98.9th percentile of all CVEs 100%

CVSS v4.0 NEW

Source: VulnerabilityLookup (CIRCL)

8.6

HIGH

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

High

User Interaction

None

Vulnerable System Confidentiality Impact

High

Vulnerable System Integrity Impact

High

Vulnerable System Availability Impact

High

Subsequent System Confidentiality Impact

None

Subsequent System Integrity Impact

None

Subsequent System Availability Impact

None

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS v3.1

Source: NVD

8.8

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server.

Affected Products

Trimble

Cityworks

Trimble

Cityworks (with office companion)

trimble

cityworks

Trimble

Cityworks

0 <15.8.9

Trimble

Cityworks (with office companion)

0 <23.10

Attack Intelligence

CWE-502 · Deserialization of Untrusted Data CWE-664 · Improper Control of a Resource Through its Lifetime CWE-913 · Improper Control of Dynamically-Managed Code Resources

Exploits & PoC

rxerium/CVE-2025-0994

Cityworks deserialization of untrusted data vulnerability Detection

4 2025-10-14

1 repo — triés par ⭐ Rechercher sur GitHub ↗

https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04

government-resource third-party-advisory

https://learn.assetlifecycle.trimble.com/i/1532182-cityworks-customer-communication-2025-02-05-docx/0?

vendor-advisory

Signal Intelligence

Confidenceⓘ

85%

EPSS 75.22%

CVSS v4.0 8.6

CVSS v3.1 8.8

Mentions 3

Last Seen May 22, 2025

CNA Information

CNA Assigner

icscert

Analyst Note

CVE-2025-0994 is a February 2025 vulnerability with active exploitation by Chinese threat actors against US local governments reported by BleepingComputer. The article explicitly labels it as a 'zero-day', and the timing (CVE published Feb 6, 2025; exploitation actively occurring) indicates real-world attacks preceded or coincided with patch availability. High CVSS score and authenticated RCE capability support severity claims.