CVE-2025-30397

Published May 13, 2025

Last updated 7 days ago

Exploit knownCVSS high 7.5
Microsoft Scripting Engine

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-30397 is a memory corruption vulnerability within the Microsoft Scripting Engine. Exploitation of this vulnerability could allow an attacker to execute arbitrary code on an affected system. To successfully exploit this vulnerability, a user must click on a specially crafted link, often delivered through a malicious website or script. The vulnerability stems from the scripting engine misinterpreting object types, leading to memory corruption. Notably, successful exploitation requires the target to be running Microsoft Edge in Internet Explorer mode. This vulnerability has been actively exploited in the wild as a zero-day.

Description
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
Source
secure@microsoft.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
5.9
Exploitability score
1.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Microsoft Windows Scripting Engine Type Confusion Vulnerability
Exploit added on
May 13, 2025
Exploit action due
Jun 3, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com
CWE-843

Social media

Hype score
Not currently trending

  1. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    22 May 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Microsoft Patches Five Actively Exploited Zero-Day Vulnerabilities Microsoft’s May 2025 Patch Tuesday addressed 78 security flaws, including five zero-day vulnerabilities (CVE-2025-30397, CVE-2025-30400, CVE-2025-32701, CVE-2025-32706, CVE-2025-32709) under active exploitation

    @PTechnology_nfo

    22 May 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    21 May 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    21 May 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    20 May 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    19 May 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    19 May 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    18 May 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    17 May 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    17 May 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    16 May 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  12. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    15 May 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. Ujawniono pięć aktywnie wykorzystywanych luk zero-day w systemie Windows 💣 CVE-2025-30397 – zdalne wykonanie kodu przez przeglądarkę (RCE) 💣 CVE-2025-32701 i CVE-2025-32706 – podniesienie uprawnień w CLFS 💣 CVE-2025-30400 – podniesienie uprawnień w D

    @Sekurak

    14 May 2025

    4227 Impressions

    6 Retweets

    40 Likes

    8 Bookmarks

    1 Reply

    0 Quotes

  14. 🛑 5 Microsoft zero-days exploited in the wild! One flaw lets attackers hijack full system control—just by visiting a webpage. ◆ 78 flaws fixed — 11 critical ◆ CVE-2025-30397 to 32709 now in CISA’s KEV list ◆ 10.0 CVSS bug in Azure DevOps Server 🔗 Details here

    @TheHackersNews

    14 May 2025

    15816 Impressions

    74 Retweets

    156 Likes

    30 Bookmarks

    1 Reply

    3 Quotes

  15. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    14 May 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. ブラウザを介したRCEで悪用されたWindowsゼロデイ脆弱性(CVE-2025-30397) https://t.co/AbRJElwcQA #Security #セキュリティ #ニュース

    @SecureShield_

    14 May 2025

    42 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Microsoftは2025年5月の月例パッチで、Scripting Engineにおける重大なメモリ破損の脆弱性(CVE-2025-30397)を修正した。この脆弱性はType Confusionにより発生し、細工されたURLを通じてリモートから任意コードを実行され

    @yousukezan

    13 May 2025

    1708 Impressions

    1 Retweet

    9 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  18. CVE-2025-30397 Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. https://t.co/UQ5NIOqMwt

    @CVEnew

    13 May 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.