CVE-2025-30397 is a high-severity vulnerability identified in the Microsoft Scripting Engine component of Windows 10 Version 1809 (build 10.0.17763.0). The vulnerability is classified under CWE-843, which refers to 'Access of Resource Using Incompatible Type' or 'Type Confusion'. This type of flaw occurs when a program accesses a resource using a type that is incompatible with the actual resource type, potentially leading to unexpected behavior such as memory corruption. In this case, the vulnerability allows an unauthorized attacker to execute arbitrary code remotely over a network. The attack vector is network-based (AV:N), requiring no privileges (PR:N) but does require user interaction (UI:R), such as opening a malicious file or visiting a crafted webpage that triggers the vulnerable scripting engine. The vulnerability impacts confidentiality, integrity, and availability, as successful exploitation can lead to full system compromise. The CVSS 3.1 base score is 7.5, indicating a high severity level. The exploitability is rated with high attack complexity (AC:H), meaning exploitation is not trivial but feasible. The scope is unchanged (S:U), so the vulnerability affects the vulnerable component without impacting other components or systems. The exploit code maturity is functional (E:F), and the remediation level is official (RL:O), with a confirmed fix status (RC:C). No known exploits are currently reported in the wild. The vulnerability affects a legacy Windows 10 version (1809), which is still in use in some environments but is no longer the latest supported version. The lack of available patches at the time of publication increases the risk for unpatched systems. This vulnerability could be exploited via malicious scripts processed by the scripting engine, potentially delivered through email attachments, web content, or network shares.

For European organizations, this vulnerability poses a significant risk, especially for those still operating legacy Windows 10 Version 1809 systems. Successful exploitation could lead to remote code execution, allowing attackers to gain control over affected machines, steal sensitive data, disrupt operations, or move laterally within networks. Critical sectors such as finance, healthcare, government, and infrastructure could face severe consequences including data breaches, operational downtime, and regulatory penalties under GDPR. The requirement for user interaction means phishing or social engineering could be vectors, which are common attack methods in Europe. The high confidentiality, integrity, and availability impact means that exploitation could result in data loss, unauthorized data disclosure, and system outages. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate it, as attackers may develop exploits over time. Organizations with legacy systems or delayed patch management are particularly vulnerable. The network attack vector increases the threat surface, especially for organizations with remote workforces or exposed network services.

European organizations should prioritize upgrading from Windows 10 Version 1809 to a supported and patched Windows version to eliminate exposure. Until upgrades are complete, organizations should implement strict network segmentation and limit exposure of vulnerable systems to untrusted networks. Employ application whitelisting and restrict execution of scripts from untrusted sources to reduce the risk of triggering the vulnerability. Enhance email and web filtering to block malicious attachments and URLs that could deliver exploit payloads. User awareness training should emphasize the risks of interacting with unsolicited or suspicious content to mitigate the user interaction requirement. Monitor network traffic and endpoint behavior for indicators of compromise related to scripting engine exploitation. Deploy endpoint detection and response (EDR) solutions capable of detecting anomalous script execution. If available, apply any official patches or workarounds released by Microsoft promptly. Maintain up-to-date backups and incident response plans to recover quickly in case of compromise. Consider disabling or restricting the Microsoft Scripting Engine where feasible, especially on systems that do not require scripting capabilities.