Type Confusion Vulnerability in Microsoft Scripting Engine
CVE-2025-30397
Key Information:
- Vendor
Microsoft
- Status
- Vendor
- CVE Published:
- 13 May 2025
Badges
What is CVE-2025-30397?
CVE-2025-30397 is a significant type confusion vulnerability within the Microsoft Scripting Engine, a core component of various Microsoft applications that enables script execution and automation tasks. This flaw allows an unauthorized attacker to manipulate the way the scripting engine processes types, potentially leading to arbitrary code execution over a network. The implications of this vulnerability are substantial as it can compromise system integrity, allowing attackers to gain control over affected systems or execute malicious scripts. The Scripting Engine is widely utilized in applications such as Internet Explorer and Windows environments, making this vulnerability a critical concern for organizations relying on these technologies.
Potential impact of CVE-2025-30397
-
Arbitrary Code Execution: The most severe impact of CVE-2025-30397 is the potential for remote code execution by attackers. By exploiting this vulnerability, an attacker could execute malicious code on a target system, leading to unauthorized actions and control over the compromised system.
-
Data Breach Risks: With the ability to execute code remotely, there is a significant risk of data breaches. Attackers may gain access to sensitive information, leading to the potential theft of personal data, intellectual property, or critical business information, which could have severe ramifications for organizations.
-
Widespread Exploitation Potential: Given the extensive use of the Microsoft Scripting Engine in various applications, the vulnerability presents a broad attack surface. This wide-reaching impact increases the likelihood of exploitation, especially if organizations fail to implement timely security measures and patch updates, making them prime targets for cyber threats.
CISA has reported CVE-2025-30397
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2025-30397 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.21014
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.8066
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.7314
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
ForbesWindows Is Under Attack, Microsoft Confirms โ Act Now, CISA Warns
Microsoft has confirmed multiple new Windows zero-day attacks. Here's what you need to know and do, right now.
3 weeks ago
GBHackers NewsCVE-2025-30397New Microsoft Scripting Engine Vulnerability Exposes Systems to Remote Code Attacks
Critical zero-day vulnerability in Microsoftโs Scripting Engine (CVE-2025-30397) has been confirmed to enable remote code execution.
3 weeks ago
CybersecurityNewsCVE-2025-30397Microsoft Scripting Engine 0-Day Vulnerability Enables Remote Code Execution Over Network
Microsoft has disclosed a critical memory corruption vulnerability in its Scripting Engine (CVE-2025-30397), which allows unauthorized attackers to execute code remotely over a network.
4 weeks ago
References
EPSS Score
30% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- ๐
Vulnerability started trending
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
- ๐ฆ
CISA Reported
- ๐ฐ
First article discovered by CybersecurityNews
Vulnerability published
Vulnerability Reserved