What is CVE-2025-30397 and how severe is this Microsoft vulnerability?

CVE-2025-30397 is a memory corruption vulnerability in Microsoft's Scripting Engine with a CVSS score of 7.5. It's a type confusion error in the legacy JScript engine (jscript.dll) that is now being actively exploited by attackers, despite being patched in Microsoft's May 2025 security update.

Is this Microsoft vulnerability being actively exploited?

Yes, Microsoft is warning that CVE-2025-30397 is now actively exploited in the wild, despite being fixed in the May 2025 Patch Tuesday release. This indicates that attackers are targeting unpatched systems or those still using Internet Explorer Mode in Edge.

Why is this vulnerability still a threat if Internet Explorer is retired?

Although Internet Explorer 11 has been retired, Microsoft Edge still includes an Internet Explorer Mode for legacy web applications and compatibility purposes. Organizations that rely on legacy systems or older web applications may still be using IE Mode, making them vulnerable to this attack.

How can users protect themselves from CVE-2025-30397?

Users should patch their Windows computers immediately by installing the May 2025 security updates from Microsoft. As a temporary mitigation measure, users can disable Internet Explorer Mode in Microsoft Edge where possible to reduce attack surface exposure.

When was CVE-2025-30397 patched by Microsoft?

The vulnerability was fixed in Microsoft's May 2025 Patch Tuesday release. Despite the availability of patches, the vulnerability is now being actively exploited, highlighting the importance of prompt security update deployment.

What makes this Microsoft vulnerability particularly concerning?

This vulnerability is particularly concerning because it's being actively exploited despite patches being available, it affects the legacy JScript engine that some organizations still depend on, and the availability of proof-of-concept code increases the risk of widespread exploitation by less sophisticated attackers.

Attack

Microsoft Scripting Engine flaw exploited in wild, Proof-of-Concept published

Q: How does the Microsoft Scripting Engine vulnerability work?

The vulnerability allows attackers to execute arbitrary code remotely when users click specially crafted URLs while using Microsoft Edge in Internet Explorer Mode. The attack exploits a type confusion error in the legacy JScript engine, requiring user interaction with malicious URLs.

Q: Is there a proof-of-concept available for this Microsoft vulnerability?

Yes, a GitHub user has released a proof-of-concept for CVE-2025-30397. While the PoC does not constitute a ready-to-run exploit, it provides sufficient technical details that skilled attackers or automated tools could use to develop working exploits.

published: June 1, 2025

Take action: If you needed one more argument to patch your Windows, how about that hackers are persistent enough to target even the legacy Internet Explorer 11 mode in unpatched systems? Don't wait, patching Windows is not that hard.

Learn More

Microsoft is warning that a memory corruption vulnerability in its Scripting Engine that was fixed in the May 2025 Patch release is now actively exploited.

The flaw is tracked as CVE-2025-30397 (CVSS score 7.5) is a type confusion error in the Microsoft Scripting Engine, affecting the legacy JScript engine (jscript.dll). This flaw allows attackers to execute arbitrary code remotely when users click specially crafted URLs while using Microsoft Edge in Internet Explorer Mode.

The attack requires users to interact with malicious URLs while Microsoft Edge is configured in Internet Explorer Mode. Despite the high attack complexity required and Internet Explorer 11 being retired, apparently there are still organizations and users that can and have been targeted.

A GitHub user has released a proof-of-concept. The PoC does not constitute a ready-to-run exploit, it provides sufficient technical details that skilled attackers or automated tools could use to develop working exploits.

Users should patch their Windows computers ASAP. As a temporary mitigation measure, users can disable Internet Explorer Mode in Microsoft Edge where possible to reduce attack surface exposure.

Microsoft Scripting Engine flaw exploited in wild, Proof-of-Concept published

Read More
ShowDoc Document Management Platform Targeted by Active RCE …
Active exploitation reported of command injection flaw in …
Microsoft warns of 2 year old vulnerability actively …
Critical vulnerability in ScienceLogic SL1 exploited - at …
DarkSword Exploit Kit Targets iPhones with Multi-Stage Malware …