A now-patched high-severity security flaw affecting Trimble Cityworks (specialized software used by local governments in the US, utilities, and public agencies to manage their infrastructure and community services) was abused by Chinese hackers to compromise systems before a patch was available.
According to a Talos intelligence report, the flaw (tracked as CVE-2025-0994) in the Geographic Information System (GIS)-based asset management tool was exploited by hackers as a zero-day to achieve remote code execution and subsequently deliver malware.
“Talos has found intrusions in enterprise networks of local governing bodies in the United States (US), beginning January 2025 when initial exploitation first took place,” the cybersecurity outfit said in a blog post, attributing the exploitation to the entity it tracks as ‘UAT-6382’. “Based on tooling and tactics, techniques and procedures (TTPs) employed by the threat actor, Talos assesses with high confidence that the exploitation and subsequent post-compromise activity is carried out by Chinese-speaking threat actors.”