CVE-2025-30397 PoC — Scripting Engine Memory Corruption Vulnerability

Associated Vulnerability
Title: Scripting Engine Memory Corruption Vulnerability (CVE-2025-30397)
Description: Access of resource using incompatible type ('type confusion') in Microsoft Scripting Engine allows an unauthorized attacker to execute code over a network.
Description
CVE-2025-30397
Readme
# **🚨 CVE-2025-30397 – Critical JScript RCE Vulnerability Exploited in the Wild 💥**

---

### 🔥 CVE-2025-30397 Overview

* **Type**: Type confusion vulnerability
* **Component**: Microsoft Scripting Engine (JScript)
* **Impact**: Remote Code Execution (RCE)
* **Attack Vector**: Remote — triggered via malicious scripts in web content
* **Severity**: CVSS 3.1 score of 7.5 (High)
* **Exploited**: Confirmed in the wild
* **Patched**: May 2025 Patch Tuesday
* **CISA deadline**: Patching required before June 3, 2025

---

### 🛠️ Technical Summary

* A type confusion bug in `jscript.dll` leads to memory corruption.
* Exploitable by tricking a user into visiting a specially crafted webpage.
* Common payloads include launching system commands (e.g., spawning calculator).
* Works on legacy systems that still run Internet Explorer or rely on JScript.

---

### 🖥 Affected Systems

* Windows 10 (versions 1507, 1607, 1809, 21H2, 22H2)
* Windows 11 (22H2, 23H2, 24H2)
* Windows Server (2008 SP2, 2008 R2 SP1, 2012, 2016, 2019, 2022, 2025)

---

### 🚨 Exploitation

* Proof-of-concept (PoC) code is public.
* Attackers can remotely execute code under the privileges of the user.
* Can be used in phishing attacks or embedded in malicious websites.

---

### ✅ Mitigation & Remediation

* Apply Microsoft’s May 2025 security updates.
* Disable JScript in environments where it’s not required.
* For legacy systems:
  * Isolate from internet access.
  * Limit execution of IE-based content.
* Monitor endpoints for signs of unusual script behavior or process spawning.
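
One way to implement the process-spawning check from the last bullet, as an added example that is not part of the original README: it scans process-creation events for a JScript-capable host starting a command interpreter or similar child. The event layout (JSON lines with Sysmon-style `ParentImage` and `Image` fields), the host and child lists, and the sample events are assumptions constructed for illustration.

```python
import json
import ntpath

# Assumption: processes that can host the legacy JScript engine (jscript.dll).
SCRIPT_HOSTS = {"iexplore.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
# Assumption: children a browser or script host rarely has a reason to start.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "calc.exe",
                       "rundll32.exe", "regsvr32.exe"}

# Constructed sample events, shaped like Sysmon Event ID 1 (process creation).
# The fourth line is deliberately truncated to show malformed-input handling.
SAMPLE_EVENTS = r"""
{"UtcTime": "2025-05-20 09:14:02", "User": "LAB\\alice", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Program Files\\Internet Explorer\\iexplore.exe"}
{"UtcTime": "2025-05-20 09:14:03", "User": "LAB\\alice", "ParentImage": "C:\\Program Files\\Internet Explorer\\iexplore.exe", "Image": "C:\\Program Files\\Internet Explorer\\iexplore.exe"}
{"UtcTime": "2025-05-20 09:15:31", "User": "LAB\\alice", "ParentImage": "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE", "Image": "C:\\Windows\\System32\\calc.exe"}
{"UtcTime": "2025-05-20 09:15:40", "ParentImage": "C:\\Win
{"UtcTime": "2025-05-20 10:02:11", "User": "LAB\\bob", "ParentImage": "C:\\Windows\\explorer.exe", "Image": "C:\\Windows\\System32\\cmd.exe"}
{"UtcTime": "2025-05-20 10:07:45", "User": "LAB\\bob", "ParentImage": "C:\\Windows\\System32\\wscript.exe", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"}
"""


def exe_name(path):
    """Lower-cased file name of a Windows path; empty string if missing."""
    return ntpath.basename(path or "").lower()


def find_suspicious_spawns(lines):
    """Return events where a JScript-capable host starts a suspicious child."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or malformed log lines
        if not isinstance(event, dict):
            continue
        parent = exe_name(event.get("ParentImage"))
        child = exe_name(event.get("Image"))
        if parent in SCRIPT_HOSTS and child in SUSPICIOUS_CHILDREN:
            hits.append({"time": event.get("UtcTime"), "user": event.get("User"),
                         "parent": parent, "child": child})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_spawns(SAMPLE_EVENTS.splitlines()):
        print("ALERT {time} {user}: {parent} -> {child}".format(**hit))
```

Tune both sets to the environment before alerting on them: an Internet Explorer frame process starting its own tab process is normal, and some line-of-business applications legitimately launch helpers from script hosts.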

---

### 🔐 Recommendations

1. Patch all affected systems immediately.
2. Audit use of Internet Explorer and legacy scripting engines.
3. Deploy endpoint protection with memory corruption detection.
4. Inform users about risks of visiting unknown websites.
5. If unable to patch, consider disabling or unregistering `jscript.dll`.

---

### 🔒 Disclaimer

This information is provided for **educational and defensive purposes only**. Unauthorized exploitation of vulnerabilities without proper authorization is **illegal and unethical**. Always conduct security testing in a **controlled environment** and with **explicit permission**. The responsibility for any misuse of this information lies solely with the user.


File Snapshot

[4.0K] /data/pocs/905a3d8708d12b8a0abb865cc50ef76f02f04ade └── [2.3K] README.md 0 directories, 1 file