Trimble Trimble

  1. Vendors
  2. Trimble

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Trimble product.

RSS Feeds for Trimble security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Trimble products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Trimble Sorted by Most Security Vulnerabilities since 2018

Trimble Sketchup Viewer28 vulnerabilities

Trimble Sketchup10 vulnerabilities

Trimble Cityworks1 vulnerability

Known Exploited Trimble Vulnerabilities

The following Trimble vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Trimble Cityworks Deserialization Vulnerability Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server.
CVE-2025-0994 Exploit Probability: 74.7% 		February 7, 2025

The vulnerability CVE-2025-0994: Trimble Cityworks Deserialization Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.

By the Year

In 2026 there have been 1 vulnerability in Trimble. Last year, in 2025 Trimble had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Trimble in 2026 could surpass last years number.

Year Vulnerabilities Average Score
2026 1 0.00
2025 2 0.00
2024 34 7.70

It may take a day or so for new Trimble vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Trimble Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-15062 Jan 23, 2026
Trimble SketchUp SKP Parser UAF RCE Vulnerability Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27769.
Sketchup
CVE-2025-2024 Mar 07, 2025
SketchUp SKP File RCE via Uninitialized Variable in Parser Trimble SketchUp SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25210.
Sketchup
CVE-2025-0994 Feb 06, 2025
Trimble Cityworks <=15.8.9 & OfficeComp <=23.10 Deserial RCE via IIS Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customers Microsoft Internet Information Services (IIS) web server.
Cityworks
CVE-2024-7511 Nov 22, 2024
SketchUp Pro CVE-2024-7511 OOB Read via PSD in SKP Trimble SketchUp Pro SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trimble SketchUp Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files embedded in SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-23000.
Sketchup
CVE-2024-7510 Nov 22, 2024
SketchUp SKP File Parse Use-After-Free RCE Vulnerability Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19631.
Sketchup
CVE-2024-7509 Nov 22, 2024
Trimble SketchUp SKP Parser Stack Buffer Overflow RCE Trimble SketchUp SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19576.
Sketchup
CVE-2024-7508 Nov 22, 2024
SketchUp Viewer SKP Parse Heap Overflow RCE Trimble SketchUp Viewer SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19575.
Sketchup Viewer
CVE-2024-9731 Nov 22, 2024
SketchUp Viewer SKP Parsing RCE via Memory Corruption Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24145.
Sketchup
Sketchup Viewer
CVE-2024-9730 Nov 22, 2024
SketchUp Viewer SKP File Parsing RCE via Memory Corruption Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24146.
Sketchup
Sketchup Viewer
CVE-2024-9728 Nov 22, 2024
SketchUp Viewer SKP Parser UAF RCE via Malicious File Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24112.
Sketchup Viewer
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.