CVE-2025-30397
Published May 13, 2025
Last updated 16 days ago
AI description
CVE-2025-30397 is a memory corruption vulnerability within the Microsoft Scripting Engine. Exploitation of this vulnerability could allow an attacker to execute arbitrary code on an affected system. To successfully exploit this vulnerability, a user must click on a specially crafted link, often delivered through a malicious website or script. The vulnerability stems from the scripting engine misinterpreting object types, leading to memory corruption. Notably, successful exploitation requires the target to be running Microsoft Edge in Internet Explorer mode. This vulnerability has been actively exploited in the wild as a zero-day.
- Description: Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
- Source: secure@microsoft.com
- NVD status: Analyzed
CVSS 3.1
- Type: Secondary
- Base score: 7.5
- Impact score: 5.9
- Exploitability score: 1.6
- Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
Data from CISA
- Vulnerability name: Microsoft Windows Scripting Engine Type Confusion Vulnerability
- Exploit added on: May 13, 2025
- Exploit action due: Jun 3, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- secure@microsoft.com: CWE-843
- Hype score: Not currently trending
Top 5 Trending CVEs: 1 - CVE-2024-24919 2 - CVE-2025-32756 3 - CVE-2024-6387 4 - CVE-2025-30397 5 - CVE-2025-49113 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
8 Jun 2025
😈🐆 Villain of the Week 🐆😈 A high-severity vulnerability, CVE-2025-30397, has been identified in Microsoft's Scripting Engine. This flaw allows attackers to execute arbitrary code over a network by exploiting a type confusion vulnerability, particularly when Microsoft
@vicariusltd
4 Jun 2025
Top 5 Trending CVEs: 1 - CVE-2025-24085 2 - CVE-2025-30397 3 - CVE-2024-29269 4 - CVE-2020-27786 5 - CVE-2023-39780 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
2 Jun 2025
Remote Code Execution via Use-After-Free in JScript.dll (CVE-2025-30397) https://t.co/FibWjQ71iM
@Dinosn
1 Jun 2025
Top 5 Trending CVEs: 1 - CVE-2025-3935 2 - CVE-2024-29269 3 - CVE-2024-29847 4 - CVE-2025-30397 5 - CVE-2025-37752 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
1 Jun 2025
CVE-2025-30397---Windows-Server-2025-JScript-RCE-Use-After-Free- Public #Blueteam #CyberSecurity https://t.co/6XbeYErtcH
@malwaresick
1 Jun 2025
🛡️ Watch out! CVE-2025-30397 is crashing the party in Windows' legacy Scripting Engine. It's like finding a surprise guest at a boring reunion—only this one can exploit your system! #WindowsForum #ZeroDay #PatchTuesday https://t.co/NhdSBaPqHz
@windowsforum
31 May 2025
CVE-2025-30397: Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. https://t.co/mIvQLRktCx https://t.co/u0ZBQLkIiY
@cyber_advising
31 May 2025
GitHub - mbanyamer/CVE-2025-30397---Windows-Server-2025-JScript-RCE-Use-After-Free-: Remote Code Execution via Use-After-Free in JScript.dll (CVE-2025-30397) - https://t.co/X28iQAhmEi
@piedpiper1616
31 May 2025
🔴 #Microsoft Scripting Engine, Type Confusion Vulnerability, #CVE-2025-30397 (Critical) https://t.co/PRuYOGMNKi
@dailycve
29 May 2025
Actively exploited CVE : CVE-2025-30397
@transilienceai
26 May 2025
Actively exploited CVE : CVE-2025-30397
@transilienceai
25 May 2025
Actively exploited CVE : CVE-2025-30397
@transilienceai
24 May 2025
Actively exploited CVE : CVE-2025-30397
@transilienceai
23 May 2025
Actively exploited CVE : CVE-2025-30397
@transilienceai
22 May 2025
Microsoft Patches Five Actively Exploited Zero-Day Vulnerabilities Microsoft’s May 2025 Patch Tuesday addressed 78 security flaws, including five zero-day vulnerabilities (CVE-2025-30397, CVE-2025-30400, CVE-2025-32701, CVE-2025-32706, CVE-2025-32709) under active exploitation
@PTechnology_nfo
22 May 2025
Actively exploited CVE : CVE-2025-30397
@transilienceai
21 May 2025
Actively exploited CVE : CVE-2025-30397
@transilienceai
21 May 2025
Actively exploited CVE : CVE-2025-30397
@transilienceai
20 May 2025
Actively exploited CVE : CVE-2025-30397
@transilienceai
19 May 2025
Actively exploited CVE : CVE-2025-30397
@transilienceai
19 May 2025
Actively exploited CVE : CVE-2025-30397
@transilienceai
18 May 2025
Actively exploited CVE : CVE-2025-30397
@transilienceai
17 May 2025
Actively exploited CVE : CVE-2025-30397
@transilienceai
17 May 2025
Actively exploited CVE : CVE-2025-30397
@transilienceai
16 May 2025
Actively exploited CVE : CVE-2025-30397
@transilienceai
15 May 2025
Five actively exploited zero-day vulnerabilities in Windows have been disclosed 💣 CVE-2025-30397 – remote code execution via the browser (RCE) 💣 CVE-2025-32701 and CVE-2025-32706 – privilege escalation in CLFS 💣 CVE-2025-30400 – privilege escalation in D
@Sekurak
14 May 2025
🛑 5 Microsoft zero-days exploited in the wild! One flaw lets attackers hijack full system control—just by visiting a webpage. ◆ 78 flaws fixed — 11 critical ◆ CVE-2025-30397 to 32709 now in CISA’s KEV list ◆ 10.0 CVSS bug in Azure DevOps Server 🔗 Details here
@TheHackersNews
14 May 2025
Actively exploited CVE : CVE-2025-30397
@transilienceai
14 May 2025
Windows zero-day vulnerability exploited for RCE via the browser (CVE-2025-30397) https://t.co/AbRJElwcQA #Security #セキュリティ #ニュース
@SecureShield_
14 May 2025
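In its May 2025 monthly patch, Microsoft fixed a serious memory corruption vulnerability in the Scripting Engine (CVE-2025-30397). This vulnerability arises from Type Confusion and, through a crafted URL, arbitrary code is remotely executed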
@yousukezan
13 May 2025
CVE-2025-30397 Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network. https://t.co/UQ5NIOqMwt
@CVEnew
13 May 2025
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "59596E66-63AB-4895-A385-57111ED18743",
"versionEndExcluding": "10.0.10240.21014"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "286B3A60-FF95-4391-8AF0-D46D5AAB6234",
"versionEndExcluding": "10.0.14393.8066"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "63199B82-79B6-461A-AC6D-CD1EE5EBCC80",
"versionEndExcluding": "10.0.17763.7314"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "C7D99F6B-B97B-4010-AA5C-84E9FE50D860",
"versionEndExcluding": "10.0.17763.7314"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87D3BE2A-EF7B-4653-AE64-9F8FE0E12223",
"versionEndExcluding": "10.0.19044.5854"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6F95690D-5720-4ACD-A378-BC3040E42AF2",
"versionEndExcluding": "10.0.19045.5854"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9929270C-5F72-40B8-B36B-073E6D1B00B6",
"versionEndExcluding": "10.0.22621.5335"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "894FA410-3F24-45CB-B347-3F839CBA8DD8",
"versionEndExcluding": "10.0.22631.5335"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "644E96C3-1EA7-48E2-B800-C6ADA2D65FCD",
"versionEndExcluding": "10.0.26100.4061"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "91433700-DB90-4524-8FAE-FF3895C2A45F",
"versionEndExcluding": "10.0.14393.8066"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1B47EE2B-4081-4D43-8AF7-C8EB11852312",
"versionEndExcluding": "10.0.17763.7314"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "76679D4E-C4EF-4EED-BCDE-79F5AF859576",
"versionEndExcluding": "10.0.20348.3692"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B9B2720-3733-4C50-85F7-156D781D15B8",
"versionEndExcluding": "10.0.25398.1611"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DAE51E4F-FCFF-4DC0-9B76-861EE20D54A4",
"versionEndExcluding": "10.0.26100.4061"
}
],
"operator": "OR"
}
]
}
]