diff --git a/test/unittest/jsvm/test_jsvm.cpp b/test/unittest/jsvm/test_jsvm.cpp
index 68420e48af63e9aba3b25be6095fdea10ebb30bf..14c7f05ac4fda16e63e251d2e02863bf5d0a42b6 100644
--- a/test/unittest/jsvm/test_jsvm.cpp
+++ b/test/unittest/jsvm/test_jsvm.cpp
@@ -1550,3 +1550,25 @@ HWTEST_F(JSVMTest, test_delete_private_with_non_private, TestSize.Level1)
     auto status = OH_JSVM_DeletePrivate(env, obj, key);
     ASSERT_TRUE(status == JSVM_INVALID_ARG);
 }
+
+HWTEST_F(JSVMTest, JSVMCloseHandleScopeUAF, TestSize.Level1)
+{
+    JSVM_HandleScope handle = nullptr;
+    JSVMTEST_CALL(OH_JSVM_OpenHandleScope(env, &handle));
+
+    JSVM_Value jsSrc = nullptr;
+    JSVMTEST_CALL(OH_JSVM_CreateStringUtf8(env, srcProf.c_str(), srcProf.size(), &jsSrc));
+
+    bool cacheRejected = true;
+    JSVM_Script script = nullptr;
+    JSVMTEST_CALL(OH_JSVM_CompileScript(env, jsSrc, nullptr, 0, true, &cacheRejected, &script));
+
+    JSVMTEST_CALL(OH_JSVM_RetainScript(env, script));
+    JSVMTEST_CALL(OH_JSVM_ReleaseScript(env, script));
+
+    const int length = 32;
+    char* data = new((char *)script) char[length];
+    memset(data, 0, length);
+
+    JSVMTEST_CALL(OH_JSVM_CloseHandleScope(env, handle));
+}
\ No newline at end of file