CVE-2025-30397
Published: 13 May 2025
Summary
CVE-2025-30397 is a high-severity Type Confusion (CWE-843) vulnerability in Microsoft Windows 10 1809. Its CVSS base score is 7.5 (High).
Operationally, ranked in the top 4.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-30397 is a type confusion vulnerability, tracked as CWE-843, that affects the Microsoft Scripting Engine. The flaw permits an unauthorized attacker to execute arbitrary code over a network when the engine processes incompatible resource types.
An unauthenticated remote attacker can trigger the issue by supplying crafted content that the scripting engine mishandles. Successful exploitation yields high impact on confidentiality, integrity, and availability, although the CVSS vector indicates high attack complexity and a requirement for user interaction.
Microsoft’s advisory at msrc.microsoft.com provides the primary patch guidance, while Vicarius has published accompanying detection and mitigation scripts. The vulnerability also appears in CISA’s Known Exploited Vulnerabilities catalog, confirming that in-the-wild exploitation has been observed.
EPSS currently sits at 0.2074 with a recorded peak of 0.2127.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-14411
Vulnerability details
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
- CWE(s)
- KEV Date Added
- 13 May 2025
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Memory Protection directly blocks the type-confusion memory access that enables arbitrary code execution in the scripting engine.
Information Input Validation enforces proper type checking on untrusted script inputs, preventing incompatible-type access that triggers the flaw.
Flaw Remediation requires prompt application of Microsoft patches that eliminate the type-confusion vulnerability in the scripting engine.