Back to KEVs

CVE-2025-30397

Scripting Engine Memory Corruption Vulnerability

Basic Information

CVE State: PUBLISHED
Reserved Date: March 21, 2025
Published Date: May 13, 2025
Last Updated: May 29, 2025
Vendor: Microsoft
Product: Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)
Description: Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
Tags

CVSS Scores

CVSS v3.1

7.5 - HIGH

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

EPSS Score

Score: 30.91% (Percentile: 96.48%) as of 2025-06-10

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2025-05-13 00:00:00 UTC) Source

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30397

Known Exploited Vulnerability Information

Source	Added Date
CISA	2025-05-13 00:00:00 UTC

Recent Mentions

Microsoft Patch Tuesday: May 2025

Source: Arctic Wolf • Published: 2025-05-14 15:26:01 UTC

On May 13, 2025, Microsoft released its May 2025 security update, addressing 78 newly disclosed vulnerabilities. Arctic Wolf has highlighted six of these vulnerabilities in this security bulletin, including five that have been exploited in the wild and one that Microsoft has rated as critical.  Vulnerabilities Vulnerability  CVSS  Description  Exploited?  CVE-2025-30397  7.5  Scripting Engine Memory ... Microsoft Patch Tuesday: May 2025

Microsoft Patch Tuesday for May 2025 — Snort rules and prominent vulnerabilities

Source: Cisco Talos Blog • Published: 2025-05-13 20:38:26 UTC

Microsoft has released its monthly security update for May of 2025 which includes 78 vulnerabilities affecting a range of products, including 11 that Microsoft marked as “critical”.  Microsoft noted five vulnerabilities that have been observed to be exploited in the wild. CVE-2025-30397 is a remote code

Microsoft’s May 2025 Patch Tuesday Addresses 71 CVEs (CVE-2025-32701, CVE-2025-32706, CVE-2025-30400)

Source: Tenable Blog • Published: 2025-05-13 19:11:55 UTC

5Critical66Important0Moderate0LowMicrosoft addresses 71 CVEs including seven zero-days, five of which were exploited in the wild.Microsoft patched 71 CVEs in its May 2025 Patch Tuesday release, with five rated critical and 66 rated as important.This month’s update includes patches for:.NET, Visual Studio, and Build Tools for Visual StudioActive Directory Certificate Services (AD CS)AzureAzure AutomationAzure DevOpsAzure File SyncAzure Storage Resource ProviderMicrosoft Brokering File SystemMicrosoft DataverseMicrosoft Defender for EndpointMicrosoft Defender for IdentityMicrosoft Edge (Chromium-based)Microsoft OfficeMicrosoft Office ExcelMicrosoft Office OutlookMicrosoft Office PowerPointMicrosoft Office SharePointMicrosoft PC ManagerMicrosoft Power AppsMicrosoft Scripting EngineRemote Desktop Gateway ServiceRole: Windows Hyper-VUniversal Print Management ServiceUrlMonVisual StudioVisual Studio CodeWeb Threat Defense (WTD.sys)Windows Ancillary Function Driver for WinSockWindows Common Log File System DriverWindows Deployment ServicesWindows DriversWindows DWMWindows File ServerWindows FundamentalsWindows Hardware Lab KitWindows InstallerWindows KernelWindows LDAP - Lightweight Directory Access ProtocolWindows MediaWindows NTFSWindows Remote DesktopWindows Routing and Remote Access Service (RRAS)Windows Secure Kernel ModeWindows SMBWindows Trusted Runtime Interface DriverWindows Virtual Machine BusWindows Win32K - GRFXRemote code execution (RCE) vulnerabilities accounted for 39.4% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 25.4%.ImportantCVE-2025-30385, CVE-2025-32701 and CVE-2025-32706 | Windows Common Log File System Driver Elevation of Privilege VulnerabilitiesCVE-2025-30385, CVE-2025-32701 and CVE-2025-32706 are EoP vulnerabilities in the Windows Common Log File System (CLFS) Driver. Each was assigned a CVSSv3 score of 7.8 and are rated as important. Both CVE-2025-32701 and CVE-2025-32706 were...

CISA Adds Five Known Exploited Vulnerabilities to Catalog

Source: All CISA Advisories • Published: 2025-05-13 12:00:00 UTC

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-30400 Microsoft Windows DWM Core Library Use-After-Free Vulnerability CVE-2025-32701 Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability CVE-2025-32706 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability CVE-2025-30397 Microsoft Windows Scripting Engine Type Confusion Vulnerability CVE-2025-32709 Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

Timeline

CVE ID Reserved

March 21, 2025
Added to KEVIntel

May 13, 2025
CVE Published to Public

May 13, 2025