Microsoft has issued a critical security update addressing a memory corruption vulnerability in its Scripting Engine, detailed under CVE-2025-30397, as part of the May Patch Tuesday updates. This flaw can lead to unauthorized remote code execution, and it is of particular concern due to its use of type confusion—a programming error classified under CWE-843. The vulnerability is activated when a user navigates to a specially crafted URL in Microsoft Edge while using Internet Explorer Mode, resulting in complete system compromise and affecting the confidentiality, integrity, and availability of affected Windows systems.
Microsoft’s Scripting Engine mishandles resource access through incompatible types, exposing legacy components still present in many Windows environments. Although several conditions must be met for exploitation—including user interaction and specific configurations—the high risk associated with this vulnerability is underscored by reports of in-the-wild exploitation. This vulnerability is significant among the 72 others addressed this month due to its potential for full remote system control.
To mitigate this threat, patches are now available for all supported Windows versions, and Microsoft recommends the immediate application of these updates to reduce risk. Organizations should consider disabling Internet Explorer Mode to further decrease exposure. Ongoing reliance on outdated components highlights the need for regular system updates and awareness of network-based attack strategies. As cyber threats continue to evolve, staying vigilant and maintaining timely updates remain crucial.
