Beginning in early 2025, threat actors exploited CVE-2025-0994, a critical deserialization vulnerability in Trimble Cityworks, to compromise GIS asset and work-order management systems used by multiple US local governments. CISA added this CVE to its Known Exploited Vulnerabilities (KEV) catalog. Approximately 200-plus local government entities across the US that use Cityworks for managing public infrastructure assets, permits, and work orders were potentially affected. Exposed data included GIS asset management data, work-order information, and potentially resident/property data stored in the connected systems. Trimble released patches and CISA issued an advisory urging immediate remediation.