CVE-2025-30397 - PatchNow

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2025-05-13

Added to CISA KEV: 2025-05-13 0 DAY BETWEEN CVE AND KEV

🎯 Recommendations:

CRITICAL: Check for indicators of compromise - this vulnerability is in CISA KEV indicating active exploitation in the wild. Review logs, check for unauthorized access, verify system integrity
Apply Microsoft security updates immediately across all Windows systems
Implement enhanced email security and web filtering to block malicious script delivery
Monitor for suspicious script execution and process creation events
Consider disabling Windows Script Host (WSH) where not required for business operations
Educate users about risks of opening untrusted documents or visiting suspicious websites

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-30397 is a critical security vulnerability involving a type confusion flaw within the Microsoft Scripting Engine ^[2]. It was disclosed in May 2025 as part of Microsoft's Patch Tuesday updates ^[4].

Vulnerability Overview

Type: Type Confusion (Memory Corruption) ^[2].
Component: Microsoft Scripting Engine (specifically affecting `jscript.dll`) ^[1].
Impact: Successful exploitation allows an unauthorized remote attacker to execute arbitrary code on the target system ^[3].
Severity: CVSS scores have been reported in the range of 7.5 to 8.0 (High) ^[3] ^[7].

Exploitation and Attack Methods

Attack Vector: The vulnerability is exploitable over a network ^[2].
Methodology: Attackers can trigger the flaw by sending malicious data to systems that process untrusted input through the affected scripting engine ^[5]. It has been noted that the vulnerability can be triggered via Microsoft Edge's "IE Mode" ^[6].
Exploit Availability: Proof-of-concept (PoC) code has been made publicly available, including repositories demonstrating remote code execution (RCE) capabilities against affected Windows versions ^[1].

Status and Mitigation

Active Exploitation: As of the disclosure period in mid-2025, the vulnerability was identified as a significant risk, though specific details regarding widespread ransomware campaigns or specific threat actor attribution were not widely publicized in initial security advisories.
Patch Status: This vulnerability was addressed by Microsoft in the May 2025 security updates ^[4].
Recommendation: Organizations should ensure that all Windows systems are fully updated with the patches released in May 2025 or later to mitigate the risk of exploitation?bpmtrackid=22&bpmreplica=0?kagi_q=CVE-2025-30397.

Sources

CVE-2025-30397---Windows-Server-2025-JScript-RCE- ...
This repository contains a proof-of-concept (PoC) exploit for a Use-After-Free vulnerability in the JScript engine ( jscript.dll ) affecting Windows Server ...
CVE-2025-30397 Detail - NVD
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
NVD - CVE-2025-30397
CVE-2025-30397 is a type confusion vulnerability that allows an unauthorized attacker to execute code over a network. It affects various Windows versions and has a CVSS score of 7.5 (HIGH). See vendor advisory, CISA guidance, and affected software configurations. ... NVD MENU Information Technology…
Microsoft Patch Tuesday - May 2025
CVE-2025-30397: This type confusion vulnerability in the Microsoft Scripting Engine could let an unauthorized remote attacker execute ...
CVE-2025-30397 - Type Confusion in Microsoft Scripting Engine Explained ...
In early 2025, security researchers discovered a critical vulnerability tracked as CVE-2025-30397—a type confusion bug in the Microsoft Scripting Engine. This vulnerability makes it possible for an unauthorized attacker to execute arbitrary code simply by sending malicious data over a network, targe…
Type Confusion Strikes Again: Analyzing CVE-2025-30397 ...
CVE-2025-30397 exposes a critical type confusion flaw in Microsoft's Scripting Engine, enabling remote attackers to execute arbitrary code via Edge's IE Mode.
Microsoft Windows: CVE-2025-30397
Microsoft Windows: CVE-2025-30397: Scripting Engine Memory Corruption Vulnerability. Try Surface Command. Severity 8 CVSS.