CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

ABB Freelance Security Lock

criticalCVE-2025-7064
View CSAF Summary Successful exploitation of this vulnerability could allow access to underlying OS functions even when Freelance Operations is active, depending on system configuration and user permissions. The following versions of ABB Freelance Security Lock are affected: ABB System Version (<=Freelance 2013) installed with ABB Freelance Security Lock(All versions) vers:all/* ABB System Version (Freelance 2013 SP1) installed with ABB Freelance Security Lock(All versions) vers:all/* ABB System Version (Freelance 2016) installed with ABB Freelance Security Lock(All versions) vers:all/* ABB System Version (Freelance 2016 SP1) installed with ABB Freelance Security Lock(All versions) vers:all/* ABB System Version (Freelance 2019) installed with ABB Freelance Security Lock(All versions) vers:all/* ABB System Version (Freelance 2019 SP1) installed with ABB Freelance Security Lock(All versions) vers:all/* ABB System Version (Freelance 2019 SP1 FP1) installed with ABB Freelance Security Lock(All versions) vers:all/* ABB System Version (Freelance 2024) installed with ABB Freelance Security Lock(All versions) vers:all/* CVSS Vendor Equipment Vulnerabilities v3 6.6 ABB ABB Freelance Security Lock Authentication Bypass by Primary Weakness Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2025-7064 An attacker is able to attack Freelance user management when Security Lock is enabled. The precondition is that the attacker bypasses Freelance Operations which blocks access to the Windows operating system. This bypass can be achieved via undocumented or special key combinations available on modern keyboards. These combinations may allow access to underlying OS functions even when Freelance Operations is active, depending on system configuration and user permissions. View CVE Details Affected Products ABB Freelance Security Lock Vendor: ABB Product Ver

CSIRTS triage

vendor: ABBproduct: Freelance Security LockPrivilege escalationaffected: ABB System Version (<=Freelance 2013), Freelance 2013 SP1, Freelance 2016, Freelance 2016 SP1, Freelance 2019, Freelance 2019 SP1
What
Exploitation could allow access to underlying OS functions despite active security measures.
Who is affected
Users of ABB Freelance Security Lock across specified versions.
Urgency
Remediation is critical due to the potential for unauthorized access.
Action
Update to the latest versions of ABB Freelance Security Lock.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch Freelance Security Lock

Get an email when a new Freelance Security Lock advisory drops — max one per day, one-click unsubscribe.

Details

Source
CISA Cybersecurity Advisories (US · national-cert · site)
Severity
critical
Published
2026-06-23
Exploitation
Not in CISA KEV at last sync

Original advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-26-174-05

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2025-7064coverage & exploitation statusNVD · CVE.org

More from CISA Cybersecurity Advisories