CISA Warns of Active Exploitation of Trimble Cityworks Vulnerability
CISA has issued an urgent warning regarding an exploited security flaw in Trimble Cityworks. Cityworks is designed to assist local governments and utility agencies in a multitude of areas, including management of capital assets, workflows, communication, licensing, and permits. The cloud-based platform enables users to record infrastructure data in a geodatabase. Cities can then track historical work, assess associated costs, and schedule preventative maintenance.
The Danger of the Vulnerability
The vulnerability in question potentially allows attackers to execute code remotely on a customer’s Microsoft Internet Information Services (IIS) web server. “This could allow an authenticated user to perform a remote code execution attack,” CISA stated. Despite Trimble releasing security patches on January 29, 2025, CISA has confirmed that attackers are actively exploiting the flaw in real-world scenarios. The company has acknowledged unauthorized attempts to access certain customers’ Cityworks deployments, but the identities and objectives of the attackers remain unknown. Given the severity of the threat, organizations using affected versions of Cityworks are strongly urged to update their software immediately to mitigate potential risks.
How to Remedy This Vulnerability
As cyber threats continue to evolve, staying proactive with timely updates and security patches remains essential in defending against exploitation. Organizations using Cityworks should assess their security posture and ensure all necessary protections are in place to prevent unauthorized access and potential data breaches.
Cities are at risk of these attacks, and the ramifications can be catastrophic. Having a proactive and nimble cybersecurity team at the helm is key to staying ahead of the curve. Here at Velox Systems, we have a wealth of experience working with municipalities on issues like this, tracking new trends in attacks, and keeping your organization free of exploitation. Unsure where your city stands cybersecurity-wise? Have an in-house team but looking for 24/7 remote security services so they can return to full duties? We have you covered. Let’s chat more!