Full Report
2025-05-22 • Cisco Talos • Asheer Malhotra, Brandon White • win.tetra_loader
Analysis Summary
This entry is a summary pointing to an external article on the exploitation of a Cityworks vulnerability (UAT-6382) used for malware delivery. **The entry itself does not contain technical details (CVE ID, CVSS score, specific versions, technical description, or patch information).**
The fields below therefore record only what the entry states and mark everything else as not specified.
# Vulnerability: Cityworks Zero-Day Exploitation Leading to Malware Delivery (UAT-6382)
## CVE Details
- CVE ID: Not specified in the provided context.
- CVSS Score: Not specified in the provided context.
- CWE: Not specified in the provided context.
## Affected Systems
- Products: Cityworks (Specific components/modules implied, but not listed).
- Versions: Not specified in the provided context.
- Configurations: Not specified in the provided context.
## Vulnerability Description
The context identifies an active threat tracked as UAT-6382 that exploits a zero-day vulnerability within Cityworks software to deliver malware, identified as `win.tetra_loader`. The specific technical details of the underlying flaw are not present in this summary snippet.
## Exploitation
- Status: Implied exploited in the wild (Zero-day exploitation described).
- Complexity: Not specified in the provided context.
- Attack Vector: Not specified in the provided context.
## Impact
- Confidentiality: Unknown
- Integrity: Unknown (Delivery of malware suggests Integrity impact)
- Availability: Unknown
## Remediation
### Patches
- Patch information is not available in the provided context. Users must refer to the full Cisco Talos advisory.
### Workarounds
- No specific workarounds are detailed in the provided context.
## Detection
- **Indicators of compromise:** The presence of malware identified as `win.tetra_loader`, associated with the UAT-6382 exploitation, should be considered an IoC.
- **Detection methods and tools:** Detection methodologies would likely involve monitoring for unusual network activity targeting Cityworks services or scanning for the identified malware payload.
## References
- Vendor advisories: Cisco Talos (Source of the report)
- Relevant links (defanged):
  - Reference to full article: hxxps://blog.talosintelligence.com/uat-6382-exploits-cityworks-vulnerability/
  - Malpedia entry: hxxps://malpedia.caad.fkie.fraunhofer.de/details/win.tetra_loader