Cityworks Faces Active Exploitation Due to Zero-Day Vulnerability

February 18, 2025


Cityworks, an enterprise asset management product developed by Trimble, is under active attack through a recently disclosed zero-day vulnerability. On Feb. 10, Alexander Culafi reported in TechTarget that the flaw allows an authenticated user to execute arbitrary code on the Microsoft IIS web server that hosts the application.

Cityworks is a widely used enterprise asset management platform designed to help municipalities and organizations manage infrastructure and public assets. Its parent company, Trimble, is a major industrial technology vendor known for its software solutions.

The vulnerability affects all versions of Cityworks prior to 15.8.9 and Cityworks with Office Companion prior to 23.10. The US Cybersecurity and Infrastructure Security Agency (CISA) has confirmed that the vulnerability is being actively exploited. Although Cityworks does not itself control industrial processes, its customers include municipalities and utilities that manage public infrastructure, which is why the agency treated the flaw as a critical infrastructure concern.

The zero-day vulnerability stems from improper deserialization of untrusted data: the server reconstructs serialized objects supplied by a client without validating them, which lets an attacker dictate what code runs. It is a common software flaw that frequently leads to remote code execution. Upon discovery, Trimble worked with CISA to assess the threat, provide security patches, and issue mitigation guidance.

Following reports of exploitation, Trimble released an advisory urging on-premises customers to update to patched versions 15.8.9 and 23.10 immediately. While Cityworks Online (CWOL) automatically receives security updates, on-premises deployments require manual intervention.

Trimble also warned that some on-premises installations ran the IIS worker process under an identity with local or domain administrator privileges, or had their attachment directory rooted too broadly. Neither misconfiguration causes the vulnerability, but each increases what an attacker can do once code execution is obtained.

To mitigate the risk, Trimble recommended ensuring that IIS does not run with administrative privileges and limiting the attachment directory root to a dedicated folder or subfolders that contain only attachments. Security researchers identified a small number of Internet-exposed Cityworks instances, all within North America, of which at least five were unpatched.
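The following PowerShell script is an added example written for this page; it is not Trimble's or CISA's code. It turns the three points above into host-side checks an administrator can run on an on-premises Cityworks server: whether the installed version is at or above the fixed releases named in the advisory coverage, whether any IIS application pool runs with administrative privileges, and whether the attachment directory is a dedicated folder. The interpretation of "dedicated subfolder" and the way the installed version is obtained are assumptions and are marked as such in the comments; the versions and paths in the usage lines are constructed examples.

```powershell
# Added example, not Trimble's or CISA's code: a host-side audit for an
# on-premises Cityworks server. Run as an administrator on the IIS host.
# Assumptions are marked inline.

#Requires -RunAsAdministrator
Import-Module WebAdministration   # ships with the IIS management tools

# Fixed versions as stated in the advisory coverage. Compare as [version]
# objects, not strings: as strings '15.10.0' sorts before '15.8.9' and would
# be wrongly reported as patched.
$FixedVersions = @{
    Cityworks       = [version]'15.8.9'
    OfficeCompanion = [version]'23.10'
}

function Test-CityworksPatched {
    param(
        [Parameter(Mandatory)][string]$InstalledVersion,
        [ValidateSet('Cityworks', 'OfficeCompanion')][string]$Product = 'Cityworks'
    )
    # Assumption: how the installed version is read is deployment-specific, so
    # the caller supplies it (for example from the product's About page).
    return ([version]$InstalledVersion -ge $FixedVersions[$Product])
}

function Get-AdminRunningAppPools {
    # Members of the local Administrators group, in DOMAIN\user or HOST\user form.
    $localAdmins = (Get-LocalGroupMember -Group 'Administrators').Name

    foreach ($pool in Get-ChildItem IIS:\AppPools) {
        $identityType = [string]$pool.processModel.identityType
        $userName     = [string]$pool.processModel.userName
        $finding      = $null

        switch ($identityType) {
            'LocalSystem' {
                $finding = 'runs as LocalSystem, which has full administrative rights'
            }
            'SpecificUser' {
                # Unqualified names are local accounts; qualify them for matching.
                $account = if ($userName -match '\\') { $userName } else { "$env:COMPUTERNAME\$userName" }
                if ($localAdmins -contains $account) {
                    $finding = "custom identity $account is a member of local Administrators"
                }
                # Domain Admins membership is not resolved here (it needs the
                # ActiveDirectory module); review domain accounts manually.
            }
            # ApplicationPoolIdentity, NetworkService and LocalService are the
            # low-privilege options and produce no finding.
        }

        if ($finding) {
            [pscustomobject]@{
                AppPool  = $pool.name
                Identity = $identityType
                UserName = $userName
                Finding  = $finding
            }
        }
    }
}

function Test-AttachmentDirectory {
    param([Parameter(Mandatory)][string]$Path)
    # Assumption: "dedicated subfolder" is read as: not the root of a drive, and
    # not the physical root of any IIS site or a folder beneath it, so a file
    # written through the attachment feature cannot land among web content.
    $full = [System.IO.Path]::GetFullPath($Path).TrimEnd('\')
    $root = [System.IO.Path]::GetPathRoot($full).TrimEnd('\')
    $problems = @()

    if ($full -ieq $root) { $problems += "attachment root '$full' is the root of a drive" }

    foreach ($site in Get-Website) {
        $siteRoot = [Environment]::ExpandEnvironmentVariables($site.physicalPath).TrimEnd('\')
        $inside = ($full -ieq $siteRoot) -or
                  $full.StartsWith("$siteRoot\", [System.StringComparison]::OrdinalIgnoreCase)
        if ($inside) {
            $problems += "attachment root '$full' is inside web root '$siteRoot' of site '$($site.name)'"
        }
    }

    [pscustomobject]@{ Path = $full; Dedicated = ($problems.Count -eq 0); Problems = $problems }
}

# Usage (the versions and path below are constructed examples):
Test-CityworksPatched -InstalledVersion '15.8.7'
Test-CityworksPatched -InstalledVersion '15.10.0'    # numeric compare, not string compare
Test-CityworksPatched -InstalledVersion '23.9' -Product OfficeCompanion
Get-AdminRunningAppPools | Format-Table -AutoSize
Test-AttachmentDirectory -Path 'D:\CityworksAttachments'
```

The app pool check only catches local Administrators membership; a service account that is a domain administrator will pass silently unless you resolve group membership against Active Directory, so treat any domain-qualified identity in the output as something to review by hand.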

For lawyers advising clients on cybersecurity and compliance, this case underscores the importance of timely patch management and adherence to security best practices. Firms representing municipalities or critical infrastructure clients should stress the risks of unpatched software and improper server configurations.

Additionally, Cityworks users should ensure they have applied the recommended updates and security measures to mitigate potential threats. This incident highlights the value of vendor communication and proactive threat intelligence in maintaining cybersecurity resilience.
