Cityworks Zero-Day Vulnerability Used by UAT-638 Hackers to Infect IIS Servers with Shell Malware
Posted: Fri May 23, 2025 4:21 am
Cisco Talos has uncovered active exploitation of a zero-day remote-code-execution vulnerability, identified as CVE-2025-0994, in Cityworks, a widely used asset management system.
This critical flaw has been leveraged by a group tracked as UAT-6382, assessed with high confidence to be Chinese-speaking threat actors, to target enterprise networks of local governing bodies in the United States since January 2025.
https://gbhackers.com/cityworks-zero-da ... 8-hackers/
This critical flaw has been leveraged by a group tracked as UAT-6382, assessed with high confidence to be Chinese-speaking threat actors, to target enterprise networks of local governing bodies in the United States since January 2025.
https://gbhackers.com/cityworks-zero-da ... 8-hackers/