CityWorks by Trimble is a commonly used GIS system. And, it is commonly either self-hosted, or, hosted by a set of individual partners, running as a virtual host within Microsoft IIS. A newly issued alert from CISA, and a note from Trimble, indicate that CVE-2025-0994 is being actively exploited (a Known Exploited Vulnerability) as an 8.6. How do you read an 8.6? Well, roughly the same way you would read an earthquake. Versions prior to January 29th, 2025 are vulnerable. Trimble has released ...
