CVE-2025-30397

Published May 13, 2025

Last updated 5 months ago

Exploit knownCVSS high 7.5
Microsoft Scripting Engine

Overview

Description
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
Source
secure@microsoft.com
NVD status
Modified
Products
windows_10_1507, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_22h2, windows_11_23h2, windows_11_24h2, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_2022_23h2, windows_server_2025

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
5.9
Exploitability score
1.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Microsoft Windows Scripting Engine Type Confusion Vulnerability
Exploit added on
May 13, 2025
Exploit action due
Jun 3, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com
CWE-843

Social media

Hype score
Not currently trending

  1. The following vulnerabilities have been added to our feed: CVE-2025-53136: NT OS KASLR Bypass CVE-2025-30397: Internet Explorer/Edge Chakra Engine RCE CVE-2025-59287: Windows Server Update RCE CVE-2025-24893: XWiki Groovy Injection RCE https://t.co/Nw6eZdtCs8

    @crowdfense

    5 Feb 2026

    1725 Impressions

    5 Retweets

    25 Likes

    15 Bookmarks

    0 Replies

    0 Quotes

  2. Remote Code Execution via Use-After-Free in JScript.dll (CVE-2025-30397) https://t.co/I9n6acbYt6 #cyber #threathunting #infosec

    @blueteamsec1

    5 Jul 2025

    1084 Impressions

    0 Retweets

    3 Likes

    2 Bookmarks

    1 Reply

    0 Quotes

  3. Top 5 Trending CVEs: 1 - CVE-2024-24919 2 - CVE-2025-32756 3 - CVE-2024-6387 4 - CVE-2025-30397 5 - CVE-2025-49113 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    8 Jun 2025

    110 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 😈🐆 Villain of the Week 🐆😈 A high-severity vulnerability, CVE-2025-30397, has been identified in Microsoft's Scripting Engine. This flaw allows attackers to execute arbitrary code over a network by exploiting a type confusion vulnerability, particularly when Microsoft

    @vicariusltd

    4 Jun 2025

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Top 5 Trending CVEs: 1 - CVE-2025-24085 2 - CVE-2025-30397 3 - CVE-2024-29269 4 - CVE-2020-27786 5 - CVE-2023-39780 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    2 Jun 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Remote Code Execution via Use-After-Free in JScript.dll (CVE-2025-30397) https://t.co/FibWjQ71iM

    @Dinosn

    1 Jun 2025

    4053 Impressions

    20 Retweets

    72 Likes

    34 Bookmarks

    0 Replies

    0 Quotes

  7. Top 5 Trending CVEs: 1 - CVE-2025-3935 2 - CVE-2024-29269 3 - CVE-2024-29847 4 - CVE-2025-30397 5 - CVE-2025-37752 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    1 Jun 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2025-30397---Windows-Server-2025-JScript-RCE-Use-After-Free- Public #Blueteam #CyberSecurity https://t.co/6XbeYErtcH

    @malwaresick

    1 Jun 2025

    42 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🛡️ Watch out! CVE-2025-30397 is crashing the party in Windows' legacy Scripting Engine. It's like finding a surprise guest at a boring reunion—only this one can exploit your system! #WindowsForum #ZeroDay #PatchTuesday https://t.co/NhdSBaPqHz

    @windowsforum

    31 May 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2025-30397: Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. https://t.co/mIvQLRktCx https://t.co/u0ZBQLkIiY

    @cyber_advising

    31 May 2025

    4748 Impressions

    1 Retweet

    32 Likes

    23 Bookmarks

    0 Replies

    1 Quote

  11. GitHub - mbanyamer/CVE-2025-30397---Windows-Server-2025-JScript-RCE-Use-After-Free-: Remote Code Execution via Use-After-Free in JScript.dll (CVE-2025-30397) - https://t.co/X28iQAhmEi

    @piedpiper1616

    31 May 2025

    4353 Impressions

    35 Retweets

    96 Likes

    38 Bookmarks

    0 Replies

    0 Quotes

  12. 🔴 #Microsoft Scripting Engine, Type Confusion Vulnerability, #CVE-2025-30397 (Critical) https://t.co/PRuYOGMNKi

    @dailycve

    29 May 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    26 May 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    25 May 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    24 May 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    23 May 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    22 May 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. Microsoft Patches Five Actively Exploited Zero-Day Vulnerabilities Microsoft’s May 2025 Patch Tuesday addressed 78 security flaws, including five zero-day vulnerabilities (CVE-2025-30397, CVE-2025-30400, CVE-2025-32701, CVE-2025-32706, CVE-2025-32709) under active exploitation

    @PTechnology_nfo

    22 May 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    21 May 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  20. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    21 May 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    20 May 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  22. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    19 May 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  23. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    19 May 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  24. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    18 May 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    17 May 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  26. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    17 May 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  27. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    16 May 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  28. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    15 May 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  29. Ujawniono pięć aktywnie wykorzystywanych luk zero-day w systemie Windows 💣 CVE-2025-30397 – zdalne wykonanie kodu przez przeglądarkę (RCE) 💣 CVE-2025-32701 i CVE-2025-32706 – podniesienie uprawnień w CLFS 💣 CVE-2025-30400 – podniesienie uprawnień w D

    @Sekurak

    14 May 2025

    4227 Impressions

    6 Retweets

    40 Likes

    8 Bookmarks

    1 Reply

    0 Quotes

  30. 🛑 5 Microsoft zero-days exploited in the wild! One flaw lets attackers hijack full system control—just by visiting a webpage. ◆ 78 flaws fixed — 11 critical ◆ CVE-2025-30397 to 32709 now in CISA’s KEV list ◆ 10.0 CVSS bug in Azure DevOps Server 🔗 Details here

    @TheHackersNews

    14 May 2025

    15816 Impressions

    74 Retweets

    156 Likes

    30 Bookmarks

    1 Reply

    3 Quotes

  31. Actively exploited CVE : CVE-2025-30397

    @transilienceai

    14 May 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  32. ブラウザを介したRCEで悪用されたWindowsゼロデイ脆弱性(CVE-2025-30397) https://t.co/AbRJElwcQA #Security #セキュリティ #ニュース

    @SecureShield_

    14 May 2025

    42 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  33. Microsoftは2025年5月の月例パッチで、Scripting Engineにおける重大なメモリ破損の脆弱性(CVE-2025-30397)を修正した。この脆弱性はType Confusionにより発生し、細工されたURLを通じてリモートから任意コードを実行され

    @yousukezan

    13 May 2025

    1708 Impressions

    1 Retweet

    9 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  34. CVE-2025-30397 Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. https://t.co/UQ5NIOqMwt

    @CVEnew

    13 May 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.CVE-2026-26111
  2. Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally.CVE-2026-25190
  3. Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.CVE-2026-25189
  4. Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.CVE-2026-25188
  5. Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.CVE-2026-25187

References

Sources include official advisories and independent security research.