CVE-2025-7973

High CVSS 8.5

Overview

A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling full privilege escalation.

CWE: CWE-268 Published: 2025-08-14T14:15:35.847

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.5 (HIGH)
Detected tags: priv_esc (tag impact: HIGH)

Recommended actions:

Fix privilege escalation urgently.
Enforce least-privilege and strengthen EDR detection.

Overview

Recommended tools

Tags