PatchSiren cyber security CVE debrief
CVE-2025-7064 ABB CVE debrief
CVE-2025-7064 is a medium-severity authentication bypass vulnerability in ABB Freelance. The issue affects multiple versions of Freelance, including through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, and 2024. The vulnerability is caused by a primary weakness, classified as CWE-305. The CVSS score for this vulnerability is 5.6, indicating a medium severity level.
- Vendor
- ABB
- Product
- Freelance
- CVSS
- MEDIUM 5.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-11
- Original CVE updated
- 2026-06-11
- Advisory published
- 2026-06-11
- Advisory updated
- 2026-06-11
Who should care
Users of ABB Freelance systems, particularly those using affected versions, should be aware of this vulnerability and take necessary precautions to mitigate the risk.
Technical summary
The vulnerability allows for authentication bypass, which could potentially allow an attacker to gain unauthorized access to the system. The CVSS vector for this vulnerability is CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Green.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates provided by ABB to affected Freelance systems.
- Review and update system configurations to ensure secure authentication mechanisms are in place.
- Monitor system activity for potential unauthorized access attempts.
Evidence notes
The CVE record and NVD detail can be found at resourceLinkAnnotations 'cve-org' and 'nvd'.
Official resources
-
CVE-2025-7064 CVE record
CVE.org
-
CVE-2025-7064 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2025-7064 was published on 2026-06-11T10:16:21.053Z and modified on 2026-06-11T15:28:44.720Z.