CVE-2025-30397 is a vulnerability classified under CWE-843 (Access of Resource Using Incompatible Type, also known as 'type confusion') affecting the Microsoft Scripting Engine component in Windows 10 Version 1809 (build 10.0.17763.0). The vulnerability allows an attacker to remotely execute arbitrary code by exploiting the scripting engine's improper handling of resource types, leading to type confusion. This flaw can be triggered over a network without requiring any privileges but does require user interaction, such as opening a malicious file or visiting a crafted webpage. The vulnerability impacts confidentiality, integrity, and availability, as successful exploitation can lead to full system compromise. The CVSS v3.1 base score is 7.5, reflecting high severity with attack vector network (AV:N), attack complexity high (AC:H), no privileges required (PR:N), user interaction required (UI:R), and scope unchanged (S:U). The exploitability is somewhat mitigated by the need for user interaction and higher attack complexity, but the impact remains severe. No public exploits or patches have been reported at the time of publication, increasing the urgency for proactive mitigation. The vulnerability is particularly relevant for organizations still running Windows 10 Version 1809, which is an older, out-of-support version, increasing exposure risk. The scripting engine is commonly used in various Windows components and applications, making this a critical attack vector if exploited.

For European organizations, this vulnerability poses a significant risk, especially for those still operating legacy Windows 10 Version 1809 systems in production environments. Exploitation can lead to remote code execution, enabling attackers to gain unauthorized control over affected systems, potentially leading to data breaches, ransomware deployment, or disruption of critical services. Sectors such as finance, healthcare, government, and critical infrastructure are particularly vulnerable due to the high value of their data and services. The requirement for user interaction means phishing or social engineering campaigns could be leveraged to trigger the exploit, increasing the attack surface. Additionally, organizations with remote workforces or exposed network services are at higher risk. The lack of known exploits in the wild currently provides a window for remediation, but the presence of a public CVE and detailed technical information may encourage attackers to develop exploits. The impact on confidentiality, integrity, and availability is high, potentially resulting in severe operational and reputational damage.

1. Upgrade affected systems to a supported and fully patched version of Windows, preferably Windows 10 versions later than 1809 or Windows 11, to eliminate the vulnerable scripting engine version. 2. If upgrading is not immediately feasible, apply any available security updates or workarounds provided by Microsoft as soon as they are released. 3. Restrict network exposure of Windows 10 Version 1809 systems by implementing network segmentation and firewall rules to limit inbound connections to trusted sources only. 4. Employ application whitelisting and endpoint protection solutions capable of detecting and blocking exploitation attempts targeting the scripting engine. 5. Enhance user awareness training to reduce the risk of social engineering attacks that could trigger user interaction required for exploitation. 6. Monitor network and endpoint logs for unusual scripting engine activity or indicators of compromise related to this vulnerability. 7. Disable or restrict scripting engine usage where possible, especially in environments where it is not required. 8. Implement strict email filtering and web content filtering to reduce the likelihood of malicious payload delivery. These measures collectively reduce the attack surface and improve detection and response capabilities.