Microsoft has revealed a significant memory corruption vulnerability within its Scripting Engine, identified as CVE-2025-30397. This flaw allows unauthorized attackers to execute code remotely over a network, posing a serious risk to users.
Classified as “Important” and tracked under CWE-843 (Type Confusion), the vulnerability was disclosed as part of the company’s May 2025 Patch Tuesday security updates. The issue stems from the Scripting Engine’s improper handling of resources with incompatible types, leading to a scenario of type confusion.
The memory corruption vulnerability can be exploited when a user interacts with a specially crafted URL, particularly while using Microsoft Edge in Internet Explorer Mode. Although the attack complexity is high, successful exploitation could lead to a complete compromise of the system, affecting the confidentiality, integrity, and availability of Windows systems.
Exploitability and Impact
To take advantage of CVE-2025-30397, an attacker needs to lure a user into clicking on a specially crafted URL. Once the user engages with the link in Edge’s Internet Explorer Mode, the attacker can activate the vulnerability, facilitating remote code execution on the victim’s system.
This means that even systems not directly utilizing Internet Explorer are at risk due to the underlying MSHTML platform, which remains active in numerous Windows environments.
Although the vulnerability was not publicly disclosed before the patch, both Microsoft and independent security researchers have confirmed its exploitation in the wild. Successful exploitation has been observed, albeit under specific conditions, including user interaction and a particular browser configuration.
CVE-2025-30397 is among the most critical vulnerabilities addressed in the May 2025 Patch Tuesday, which rectified a total of 72 flaws, encompassing five zero-days and 28 remote code execution vulnerabilities. The Scripting Engine vulnerability is particularly notable for its capacity to enable attackers to fully compromise targeted systems remotely.
Mitigations
In response to this vulnerability, Microsoft has issued patches for all supported versions of Windows. Users and administrators are strongly encouraged to apply the latest security updates without delay to mitigate the risk of exploitation.
Organizations should also evaluate their browser configurations and consider disabling Internet Explorer Mode wherever feasible to minimize exposure.
The discovery and exploitation of CVE-2025-30397 highlight the persistent risks associated with legacy components in contemporary software environments. Timely patching and heightened user awareness are essential defenses against sophisticated network-based attacks that leverage such vulnerabilities.
Vulnerability Attack Simulation on How Hackers Rapidly Probe Websites for Entry Points – Free Webinar
