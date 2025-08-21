Data Security, Critical Infrastructure Security

Town, city data exposure likely with Workhorse Software flaws

SecurityWeek reports that the U.S. CERT Coordination Center has disclosed that Workhorse Software Services' accounting software, which is leveraged by over 300 Wisconsin municipalities, has been impacted by a pair of security flaws that could be exploited to compromise sensitive data.

Aside from the information exposure vulnerability, tracked as CVE-2025-9037, attackers could also leverage the database backup feature issue, tracked as CVE-2025-9040, to create an unencrypted database backup file, allowing access to Social Security numbers and other confidential data stored by cities and towns, according to CERT/CC. "Possession of a database backup could also enable data tampering, potentially undermining audit trails and compromising the integrity of municipal financial operations," CERT/CC added. Both flaws, which were identified by Sparrow IT Solutions researcher James Harrold, have already been addressed as part of the version 1.9.4.48019 update, with Workhorse emphasizing user responsibility in the software's SQL authentication technique.

