CVE-2025-30397
CISA KEV ActiveTitle: Microsoft Windows 10 22H2
Other
Proof Of Concept
PoC Available for CVE-2025-30397
CWE Category
CWE-843
Published Date
May 13, 2025
Modified Date
Oct 27, 2025
Exploit Status
Available
Score
7.5
CVSS v3.1
Exploit Probability (EPSS)
20.87%
Vulnerability Summary
CVE-2025-30397: Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
Impacted Vendors
Reference Links
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30397
https://www.vicarius.io/vsociety/posts/cve-2025-30397-type-confusion-vulnerability-in-microsoft-scripting-engine-detection-script
https://www.vicarius.io/vsociety/posts/cve-2025-30397-type-confusion-vulnerability-in-microsoft-scripting-engine-mitigation-script
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-30397
CVSS v3.1
Source Entity
[email protected]
Severity
HIGH
7.5
Attack Vector
NETWORK
Complexity
HIGH
Privileges
N/A
Interaction
REQUIRED
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2025-30397 Exploits & PoCs (Proof Of Concept)
GitHub
https://github.com/mbanyamer/CVE-2025-30397---Windows-Server-2025-JScript-RCE-Use-After-Free-
GitHub
https://github.com/Leviticus-Triage/ChromSploit-Framework
GitHub
https://github.com/Ashwesker/Blackash-CVE-2025-30397
Exploit-DB
https://www.exploit-db.com/exploits/52315
MODIFIED
Vulnerability data or affected products updated.
MODIFIED
Vulnerability data updated via NVD.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
NETWORK
Complexity
HIGH
Privileges
N/A
Interaction
REQUIRED
CVSS Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Stack
No specific products linked.