THREATOPS
THREAT OPSCVEs › CVE-2025-30397

CVE-2025-30397 — Microsoft Windows Scripting Engine Type Confusion Vulnerability

CISA KEVExploited: confirmedMicrosoft

Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL.

Vulnerability details