Hackers are hijacking government software to access sensitive servers

Trimble warns Cityworks is being abused in RCE attacks
The company released a patch to address the issue
CISA warns users to apply patch as soon as possible

Hackers are hijacking government software to access sensitive servers, experts have warned.

The warning comes from software vendor Trimble, whose product seems to have been used in the attack. In a letter sent to its customers and partners, Trimble said it observed cybercriminals abusing a deserialization vulnerability in its Cityworks product to engage in Remote Code Execution (RCE) and deploy Cobalt Strike beacons on Microsoft Internet Information Services (IIS) servers.

Trimble Cityworks is a Geographic Information System (GIS) asset management and permitting software designed to help local governments and utilities manage infrastructure, maintenance, and operations efficiently. It was found to have been vulnerable to CVE-2025-0994, a high-severity deserialization bug allowing for RCE, given a severity score of 8.6 (high).

Patching the flaw

“Following our investigations of reports of unauthorized attempts to gain access to specific customers’ Cityworks deployments, we have three updates to provide you,” the company said in the letter. To tackle the threat, Trimble updated Cityworks 15.x to version 15.8.9, and 23.x to 23.10. It also warned about discovering some on-prem deployments having overprivileged IIS identity permissions, and added that some deployments haid incorrect attachment directory configurations.

All of these should be addressed at the same time, to mitigate the threat and resume normal operations with Cityworks.

We don’t know how big the attack is, or if any organizations were compromised as a result, but the US Cybersecurity and Infrastructure Security Agency (CISA) has released a coordinated advisory, urging customers to apply the patches as soon as possible, BleepingComputer has found. “CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures,” it was said in the advisory.

“Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.”

Via BleepingComputer

https://cdn.mos.cms.futurecdn.net/bLTg6GBXmrv6c5v7AJFPsT-1200-80.jpg

Source link

Exclusive: OnePlus reveals the OnePlus Nord 5 series, OnePlus Buds 4, OnePlus Pad Lite, and a new OnePlus Watch

I’m a payments expert – this is what happens when you use an agent to buy on your behalf

HP’s EOFY 2025 sale is stacked with serious discounts on everything from ultra-light laptops to RTX gaming rigs

I just experienced super-smooth Cyberpunk 2077 at Ultra settings on a Mac, but the developers say there’s more to ‘squeeze out’ of Apple Silicon

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Which Celebrity Styles Americans Copy Most in 2025: New Study

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

Enterprise Products Partners' SWOT analysis: midstream giant's stock resilience tested

JetBlue's SWOT analysis: airline stock faces turbulence amid strategic shifts

Minnesota lawmaker killed on Saturday served with compassion, governor says

Minnesota shooting suspect told friend in text message: I might be dead soon

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Hackers are hijacking government software to access sensitive servers

Exclusive: OnePlus reveals the OnePlus Nord 5 series, OnePlus Buds 4, OnePlus Pad Lite, and a new OnePlus Watch

I’m a payments expert – this is what happens when you use an agent to buy on your behalf

HP’s EOFY 2025 sale is stacked with serious discounts on everything from ultra-light laptops to RTX gaming rigs

I just experienced super-smooth Cyberpunk 2077 at Ultra settings on a Mac, but the developers say there’s more to ‘squeeze out’ of Apple Silicon