CVE-2025-30397: Microsoft Windows Scripting Engine Type Confusion

Microsoft Windows Scripting Engine Type Confusion Vulnerability. Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL.

• CISA KEV-listed (remediation due 2025-06-03)
• EPSS 20.7% (95.7% percentile)

Browse the CVE database

Read the full analysis on IntelFusions