CVE-2025-30397: 
vulnerability analysis and mitigation

CVE-2025-30397 is a type confusion vulnerability in the Microsoft Scripting Engine discovered in May 2025. This vulnerability allows an unauthorized attacker to execute code over a network through access of resource using incompatible type. The vulnerability affects Microsoft Windows systems that use Edge in Internet Explorer Mode (NVD, Rapid7 Blog).

The vulnerability has a CVSSv3 base score of 7.5 (High) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H. Successful exploitation requires an attacker to first prepare the target so that it uses Edge in Internet Explorer Mode, and then causes the user to click a malicious link. The attack complexity is assessed as high, though in enterprise environments where Internet Explorer compatibility mode is enabled by default, the complexity becomes significantly lower (Rapid7 Blog).

If successfully exploited, the vulnerability allows attackers to execute arbitrary code in the context of the current user. When the user has administrative privileges, attackers could gain full system control, enabling data theft, malware installation, and lateral movement across networks (Hacker News).

Microsoft has released patches to address this vulnerability as part of their May 2025 Patch Tuesday updates. Organizations are strongly advised to apply these security updates, particularly those using Internet Explorer compatibility mode in their environments (NVD).