1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Microsoft Windows Scripting Engine Type Confusion Vulnerability

Known Exploited Vulnerabilities CVE-2025-30397

Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2025-30397 Microsoft Windows Scripting Engine Type Confusion Vulnerability exploitation_technique T1203 Exploitation for Client Execution
Comments
This vulnerability has enabled attackers to use heap spraying techniques to trigger a memory corruption, allowing them to execute code remotely.
References
  1. https://github.com/mbanyamer/CVE-2025-30397---Windows-Server-2025-JScript-RCE-Use-After-Free-
CVE-2025-30397 Microsoft Windows Scripting Engine Type Confusion Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
This vulnerability has enabled attackers to use heap spraying techniques to trigger a memory corruption, allowing them to execute code remotely.
References
  1. https://github.com/mbanyamer/CVE-2025-30397---Windows-Server-2025-JScript-RCE-Use-After-Free-