CVE-2025-30397

Overview

CVE-2025-30397 is a zero-day vulnerability in the Microsoft Scripting Engine, a key component used by Internet Explorer and Internet Explorer mode in Microsoft Edge. It was actively exploited in the wild and patched by Microsoft in April 2025.

Technical Details

• Vulnerability Type: Remote Code Execution (RCE)
• Affected Component: Microsoft Scripting Engine
• Attack Vector: Remote
• Impact: Allows an attacker to execute arbitrary code in the context of the current user
• Exploitation: Exploited via specially crafted web content, often through malicious websites or ads
• Patch Date: April 2025 (Patch Tuesday)

Exploitation

This vulnerability was used in targeted attacks, typically by tricking users into visiting a malicious website. Successful exploitation could allow an attacker to gain the same user rights as the current user.

If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of the affected system.

Affected Systems

• Windows 10
• Windows 11
• Windows Server (multiple versions)
• Internet Explorer and Microsoft Edge (IE Mode)

Patch Information

Microsoft released security updates for this vulnerability as part of the April 2025 Patch Tuesday. Users and administrators are strongly advised to apply the update immediately.

For systems that cannot be patched, Microsoft recommends disabling Internet Explorer and using modern browsers with enhanced security features.

Mitigation

• Apply the latest security updates from Microsoft.
• Disable Internet Explorer and IE Mode in Microsoft Edge if not required.
• Use Enhanced Security Configuration on servers.
• Exercise caution when visiting untrusted websites.

References