CVE-2025-30397: 
vulnerability analysis and mitigation

CVE-2025-30397 is a memory corruption vulnerability in Microsoft Scripting Engine discovered in May 2025. The vulnerability allows an unauthorized attacker to execute code over a network when users are running Microsoft Edge in Internet Explorer mode. This type of confusion vulnerability was actively exploited in the wild as a zero-day before patches were released (NVD, Tenable Blog).

The vulnerability is classified as a type confusion flaw (CWE-843) that leads to memory corruption in the Microsoft Scripting Engine. It received a CVSS v3.1 base score of 7.5 (High) with attack vector being network-based (AV:N), high attack complexity (AC:H), requiring no privileges (PR:N), and user interaction (UI:R). The vulnerability affects multiple versions of Windows Server and Windows 10 operating systems (NVD).

Successful exploitation of this vulnerability allows attackers to execute arbitrary code in the context of the current user. If the user has administrative privileges, attackers could gain full system control, enabling data theft, malware installation, and lateral movement across networks (Hacker News).

Microsoft has released patches for this vulnerability as part of its May 2025 Patch Tuesday updates. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the fixes by June 3, 2025 (CISA).