microsoft windows-server-2008 CVE-2025-30397 vulnerability in Microsoft Products
Published on May 13, 2025

product logo product logo
Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.

Vendor Advisory NVD

Known Exploited Vulnerability

This Microsoft Windows Scripting Engine Type Confusion Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL.

The following remediation steps are recommended / required by June 3, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vulnerability Analysis


Products Associated with CVE-2025-30397

You can be notified by stack.watch whenever vulnerabilities like CVE-2025-30397 are published in these products:

 
 
 
 
 
 
 
 
 
 
 
 

What versions are vulnerable to CVE-2025-30397?