Hackers are hijacking government software to access sensitive servers


  • Trimble warns Cityworks is being abused in RCE attacks
  • The company released a patch to address the issue
  • CISA warns users to apply patch as soon as possible

Hackers are hijacking government software to access sensitive servers, experts have warned.

The warning comes from software vendor Trimble, whose product seems to have been used in the attack. In a letter sent to its customers and partners, Trimble said it observed cybercriminals abusing a deserialization vulnerability in its Cityworks product to engage in Remote Code Execution (RCE) and deploy Cobalt Strike beacons on Microsoft Internet Information Services (IIS) servers.

Trimble Cityworks is a Geographic Information System (GIS) asset management and permitting software designed to help local governments and utilities manage infrastructure, maintenance, and operations efficiently. It was found to be vulnerable to CVE-2025-0994, a deserialization bug that allows RCE and carries a severity score of 8.6 (high).

Patching the flaw

“Following our investigations of reports of unauthorized attempts to gain access to specific customers’ Cityworks deployments, we have three updates to provide you,” the company said in the letter. To tackle the threat, Trimble updated Cityworks 15.x to version 15.8.9, and 23.x to 23.10. It also warned that it had discovered some on-prem deployments with overprivileged IIS identity permissions, and added that some deployments had incorrect attachment directory configurations.

All of these should be addressed at the same time, to mitigate the threat and resume normal operations with Cityworks.

We don’t know how big the attack is, or if any organizations were compromised as a result, but the US Cybersecurity and Infrastructure Security Agency (CISA) has released a coordinated advisory, urging customers to apply the patches as soon as possible, BleepingComputer has found. “CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures,” the advisory said.

“Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.”

Via BleepingComputer


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
