Microsoft has disclosed a vital reminiscence corruption vulnerability in its Scripting Engine (CVE-2025-30397), which permits unauthorized attackers to execute code remotely over a community.
The flaw, categorized as “Essential” and tracked underneath CWE-843 (Sort Confusion), was launched as a part of the corporate’s Could 2025 Patch Tuesday safety updates.
The vulnerability arises from the Scripting Engine’s improper entry of assets utilizing incompatible sorts, resulting in a kind confusion situation.
This reminiscence corruption concern may be exploited when a consumer interacts with a specifically crafted URL, particularly whereas utilizing Microsoft Edge in Web Explorer Mode. Regardless of the excessive assault complexity, profitable exploitation may lead to full system compromise, impacting the confidentiality, integrity, and availability of affected Home windows techniques.
Exploitability and Impression
To use CVE-2025-30397, an attacker should entice a consumer to click on on a specifically crafted URL. As soon as the consumer interacts with the hyperlink in Edge’s Web Explorer Mode, the attacker can set off the vulnerability, enabling distant code execution on the sufferer’s system.
Which means even techniques in a roundabout way working Web Explorer stay in danger as a result of underlying MSHTML platform, which remains to be energetic in lots of Home windows environments.
Whereas the vulnerability was not publicly disclosed previous to the patch, Microsoft and impartial safety researchers have confirmed that it has been exploited within the wild. Exploitation has been detected, although it requires a number of situations to be met, together with consumer interplay and a particular browser configuration.
CVE-2025-30397 is among the most extreme vulnerabilities addressed within the Could 2025 Patch Tuesday, which mounted a complete of 72 flaws, together with 5 zero-days and 28 distant code execution vulnerabilities.
The Scripting Engine vulnerability stands out as a result of its potential to permit attackers to totally compromise focused techniques remotely.
Mitigations
Microsoft has launched patches addressing this vulnerability for all supported variations of Home windows. Customers and directors are strongly urged to use the newest safety updates instantly to mitigate the chance of exploitation.
Organizations must also overview browser configurations and contemplate disabling Web Explorer Mode the place doable to cut back publicity.
The invention and exploitation of CVE-2025-30397 underscore the continued dangers posed by legacy parts inside fashionable software program environments. Immediate patching and consumer consciousness stay vital defenses in opposition to refined network-based assaults leveraging such vulnerabilities.
Vulnerability Assault Simulation on How Hackers Quickly Probe Web sites for Entry Factors – Free Webinar
