This is a summary of the AI-generated 10-question deep analysis.
Q1 What is this vulnerability? (Essence + Consequences)
**Root Cause**: **CWE-502** - Deserialization of Untrusted Data. The application processes user-supplied data without proper validation, leading to code execution. Flaw in input handling.
Q3 Who is affected? (Versions/Components)
**Vendor**: Trimble. **Product**: Cityworks (GIS-centric platform). **Affected**: Versions **before 15.8.9**. **Fixed**: Version 15.8.9 and later.
Q4 What can hackers do? (Privileges/Data)
**Action**: Hackers can execute arbitrary code on the server. **Privileges**: Requires **authenticated** access. **Data**: Full system compromise possible. High impact on infrastructure management.
Q5 Is exploitation threshold high? (Auth/Config)
**Threshold**: **Medium**. Requires **authentication**. Not fully open to the public internet without credentials. Still dangerous for insider threats or compromised accounts.
Q6 Is there a public Exp? (PoC/Wild Exploitation)
**Exploit**: Yes. Public **PoC** available on GitHub (rxerium/CVE-2025-0994). **Detection**: Nuclei templates exist. **Status**: CISA warns of **active exploitation** in the wild.
Q7 How to self-check? (Features/Scanning)
**Check**: Use Nuclei with the provided template. **Command**: `nuclei -u https://yourHost.com -t template.yaml`. **Method**: Extracts version from HTML body to verify vulnerability.
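An added example, not part of the original summary or of any vendor tooling: once version strings have been collected (for instance from the template's output), this Python script classifies each host against the 15.8.9 fix boundary with a numeric comparison, because a plain string comparison would rank 15.8.10 below 15.8.9. The host names and the inventory format are constructed assumptions.

```python
import re

FIXED = (15, 8, 9)  # first fixed Cityworks release stated on this page


def parse_version(text):
    """Return a tuple of ints from a dotted version string, or None if absent."""
    match = re.search(r"\d+(?:\.\d+)+", text or "")
    if not match:
        return None
    return tuple(int(part) for part in match.group(0).split("."))


def is_before(version, fixed=FIXED):
    """Component-wise numeric comparison; shorter versions are zero-padded."""
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) < pad(fixed)


def triage(inventory):
    """Map each host to 'vulnerable', 'fixed' or 'unknown'."""
    result = {}
    for host, reported in inventory.items():
        version = parse_version(reported)
        if version is None:
            # A missing or unreadable version is not evidence of a patch.
            result[host] = "unknown"
        else:
            result[host] = "vulnerable" if is_before(version) else "fixed"
    return result


# Constructed sample inventory (hypothetical hosts and reported versions).
SAMPLE = {
    "gis-01.example.internal": "15.8.7",
    "gis-02.example.internal": "15.8.9",
    "gis-03.example.internal": "15.8.10",
    "gis-04.example.internal": "Cityworks 15.7",
    "gis-05.example.internal": "",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` need a manual check rather than being counted as patched.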
Q8 Is it fixed officially? (Patch/Mitigation)
**Fix**: Upgrade to **Cityworks 15.8.9** or later. **Official**: Vendor advisory released on 2025-02-05. Patch is the primary mitigation.
Q9 What if no patch? (Workaround)
**No Patch?**: Restrict network access to authenticated users only. Block external access if possible. Limit privileges. High risk if no patch available.