CVE-2025-0944

Published Feb 1, 2025

Last updated 4 months ago

Overview

Description
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file customerview.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Source
cna@vuldb.com
NVD status
Analyzed

Risk scores

CVSS 4.0

Type
Secondary
Base score
5.3
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
MEDIUM

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

CVSS 2.0

Type
Secondary
Base score
6.5
Impact score
6.4
Exploitability score
8
Vector string
AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

cna@vuldb.com
CWE-74
nvd@nist.gov
CWE-89

Social media

Hype score
Not currently trending
  1. Chinese hackers exploit a flaw in Trimble Cityworks to breach US government networks (CVE-2025-0944) https://t.co/Vyn1CEQSUf #Security #セキュリティ #ニュース

    @SecureShield_

    23 May 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. A Chinese-speaking threat actor, UAT-6382, exploited a now-patched vulnerability (CVE-2025-0944) in Trimble Cityworks to deploy Cobalt Strike and VShell, targeting U.S. enterprise networks since January 2025. #Security https://t.co/QFD3Ftl5TN

    @Strivehawk

    22 May 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Chinese hackers UAT-6382 exploited patched CVE-2025-0944 in Trimble Cityworks, deploying malware and web shells 🕵️‍♂️ on US local government networks for long-term access. #CyberThreat #USGov #China https://t.co/TgnvHwXZQR

    @TweetThreatNews

    22 May 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 📌 Chinese-speaking hackers, identified by the authorities as UAT-6382, attacked a vulnerability in Trimble Cityworks, which allowed them to insert malicious code such as Cobalt Strike and VShell. They exploited the vulnerability CVE-2025-0944 to carry out att

    @Cybercachear

    22 May 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-CVE-2025-0944: A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as crit—CVSS 6.3 slams Education. Old bug, new chaos—don’t let this relic ruin your day! Free $500 scan—https://t.co/eoMhrefG0X #Phishing #Ransomware #Threa

    @taqtics_ai

    2 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-0944 A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file custome… https://t.co/DvcRaXEDP4

    @CVEnew

    1 Feb 2025

    781 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations