Cyber Resilience

CVE-2025-30397

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 13 May 2025

Published
13 May 2025
Modified
27 October 2025
KEV Added
13 May 2025
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.2074 95.7th percentile
Risk Priority 47 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-30397 is a high-severity Type Confusion (CWE-843) vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 4.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-30397 is a type confusion vulnerability, tracked as CWE-843, that affects the Microsoft Scripting Engine. The flaw permits an unauthorized attacker to execute arbitrary code over a network when the engine processes incompatible resource types.

An unauthenticated remote attacker can trigger the issue by supplying crafted content that the scripting engine mishandles. Successful exploitation yields high impact on confidentiality, integrity, and availability, although the CVSS vector indicates high attack complexity and a requirement for user interaction.

Microsoft’s advisory at msrc.microsoft.com provides the primary patch guidance, while Vicarius has published accompanying detection and mitigation scripts. The vulnerability also appears in CISA’s Known Exploited Vulnerabilities catalog, confirming that in-the-wild exploitation has been observed.

EPSS currently sits at 0.2074 with a recorded peak of 0.2127.

EU & UK References

Vulnerability details

Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.

CWE(s)
KEV Date Added
13 May 2025

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
windows 10 1507
≤ 10.0.10240.21014
microsoft
windows 10 1607
≤ 10.0.14393.8066
microsoft
windows 10 1809
≤ 10.0.17763.7314 · ≤ 10.0.17763.7314
microsoft
windows 10 21h2
≤ 10.0.19044.5854
microsoft
windows 10 22h2
≤ 10.0.19045.5854
microsoft
windows 11 22h2
≤ 10.0.22621.5335
microsoft
windows 11 23h2
≤ 10.0.22631.5335
microsoft
windows 11 24h2
≤ 10.0.26100.3981
microsoft
windows server 2008
all versions, r2
microsoft
windows server 2012
all versions, r2
+5 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Memory Protection directly blocks the type-confusion memory access that enables arbitrary code execution in the scripting engine.

prevent

Information Input Validation enforces proper type checking on untrusted script inputs, preventing incompatible-type access that triggers the flaw.

prevent

Flaw Remediation requires prompt application of Microsoft patches that eliminate the type-confusion vulnerability in the scripting engine.

References