Trimble Cityworks Security Vulnerabilities in 2026

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Trimble Cityworks.

Known Exploited Trimble Cityworks Vulnerabilities

The following Trimble Cityworks vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title	Description	Added
Trimble Cityworks Deserialization Vulnerability	Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server. CVE-2025-0994 Exploit Probability: 74.7%	February 7, 2025

The vulnerability CVE-2025-0994: Trimble Cityworks Deserialization Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.

By the Year

In 2026 there have been 0 vulnerabilities in Trimble Cityworks. Last year, in 2025 Cityworks had 1 security vulnerability published. Right now, Cityworks is on track to have less security vulnerabilities in 2026 than it did last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	1	0.00

It may take a day or so for new Cityworks vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Trimble Cityworks Security Vulnerabilities

Trimble Cityworks <=15.8.9 & OfficeComp <=23.10 Deserial RCE via IIS
CVE-2025-0994 - February 06, 2025

Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customers Microsoft Internet Information Services (IIS) web server.

Marshaling, Unmarshaling