Talos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader.
First seen on blog.talosintelligence.com
Jump to article: blog.talosintelligence.com/uat-6382-exploits-cityworks-vulnerability/
