FKIE_CVE-2025-30398

Vulnerability from fkie_nvd - Published: 2025-11-11 18:15 - Updated: 2026-02-12 17:20
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network.
References
secure@microsoft.comhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30398Vendor Advisory
Impacted products
Vendor Product Version
microsoft nuance_powerscribe_one 4.0.1
microsoft nuance_powerscribe_one 4.0.2
microsoft nuance_powerscribe_one 4.0.5
microsoft nuance_powerscribe_one 4.0.6
microsoft nuance_powerscribe_one 4.0.7
microsoft nuance_powerscribe_one 4.0.8
microsoft nuance_powerscribe_one 4.0.9
microsoft nuance_powerscribe_one 2019.1
microsoft nuance_powerscribe_one 2019.2
microsoft nuance_powerscribe_one 2019.3
microsoft nuance_powerscribe_one 2019.4
microsoft nuance_powerscribe_one 2019.5
microsoft nuance_powerscribe_one 2019.6
microsoft nuance_powerscribe_one 2019.7
microsoft nuance_powerscribe_one 2019.8
microsoft nuance_powerscribe_one 2019.9
microsoft nuance_powerscribe_one 2019.10
microsoft nuance_powerscribe_one 2023.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ED622CE-D7FD-4B2D-BC99-168D521B3FD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9F234B2-C4BA-44DD-A128-6BFF4576F7AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "147DD7CE-53EC-42C7-A966-06015CB6F07E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D336CD-A318-45CD-BDC1-1C0BE9D7A161",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A881533-9A47-4A01-B9F6-841E656DBC33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:4.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "000EECC0-C95A-4D81-BDA8-5166F9B04F02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:4.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C180424A-9E0B-432D-8192-BBA1ADA5EE8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62329468-E85C-4A3C-A0BF-8BA11941DED5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EDC600D-8637-4BAB-AC7D-A9D95B03DAB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "47AC5A9D-8016-4BDB-9D8F-098CFD93855A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B6B794A-C467-411D-9468-A7ADDA7D6157",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "870B35F1-75F2-4EBB-A4C5-F6C3118BBC25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "548FC39C-8C08-4285-A5FC-0785738C4471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F44CAAE-A020-4F81-BF96-48F9D6559A7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA71CDB3-269C-4EE8-9F46-FD7CC1284B9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F374C80B-0336-4687-879B-1745234B9E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "682143B4-04BA-4C11-AAE8-E687B6BE4688",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2023.1:sp2_patch_7:*:*:*:*:*:*",
              "matchCriteriaId": "AA5407C0-0336-4055-BD18-EA68C7C40218",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network."
    }
  ],
  "id": "CVE-2025-30398",
  "lastModified": "2026-02-12T17:20:07.333",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-11-11T18:15:35.107",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30398"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "secure@microsoft.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.