CVE-2025-30397

HIGH

CVSS v3

7.5

HIGH

EPSS Score

20.7%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.

Technical Details

CVSS v3 Vector
3.1
Published
5/13/2025
Last Modified
10/27/2025

Frequently Asked Questions

What is CVE-2025-30397?

Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.

Is CVE-2025-30397 actively exploited?

Active exploitation of CVE-2025-30397 has not been confirmed. The EPSS score is 20.7%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2025-30397?

CVE-2025-30397 has a CVSS v3 base score of 7.5 (HIGH severity), with vector string 3.1.

Is CVE-2025-30397 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.

Check an IPSearch CVEs
Back to CVE Database