CVE-2025-30397 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Microsoft Windows Scripting Engine Type Confusion Vulnerability

Exploit added

May 13, 2025

Action due

June 3, 2025

Action required

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

Access of resource using incompatible type (‘type confusion’) in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.

References

Weakness Enumeration

CWE-ID	CWE Name
CWE-843	Access of Resource Using Incompatible Type (‘Type Confusion’)

Known Affected Software Configurations

cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.4046::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.4046::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.4046::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.4046::::::x86:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5458::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.4046::::::x86:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5458::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5576::::::x86:
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.2314::::::x64:
cpe:2.3:o:microsoft:windows_server_2025:-::::::x64:
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1128::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1085::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1189::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.887::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1189::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1251::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.763::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.950::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.763::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1128::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.887::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.830::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1009::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1085::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1009::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1251::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.950::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.830::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1085::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1009::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.950::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.887::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.763::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1251::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1128::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1189::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.830::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2340::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2700::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2322::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2849::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2322::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2340::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2582::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2582::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2655::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2402::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2655::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2700::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2849::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2461::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2402::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2461::::datacenter::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2849::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2340::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2322::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2522::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2333::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2402::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2700::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.770::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.1903::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2655::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2582::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2461::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2458::::azure::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7876::::::x64:
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.7009::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5608::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5608::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5608::::::arm64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3403::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.2965::::::x86:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3403::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5039::::::x64:
cpe:2.3:o:microsoft:windows_11_23h2:10.0.22631.5039::::::arm64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5039::::::x64:
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.3403::::::x64:
cpe:2.3:o:microsoft:windows_server_2025:10.0.26100.3107::::::x64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.5039::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5608::::::x86:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5608::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5608::::::arm64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6893::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6775::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5487::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5371::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5487::::::arm64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5487::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7785::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7699::::::x86:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3194::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7699::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.10240.20915::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.10240.20915::::::x86:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20915::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5371::::::arm64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20915::::::x64:
cpe:2.3:o:microsoft:windows_11_24h2:10.0.26100.3194::::::arm64:
cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.4890::::::arm64:

Details

Source:
NVD

Published:
May 13, 2025

Updated:
May 29, 2025

Risk information

CVSS v3

Base score:
7.5

Severity:

HIGH

Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2

Not defined