CVE-2025-30398 | THREATINT

Home

Description

Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network.

PUBLISHED Reserved 2025-03-21 | Published 2025-11-11 | Updated 2025-11-26 | Assigner microsoft

HIGH: 8.1CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C

Problem types

CWE-862: Missing Authorization

Product status

4.0.5 (custom) before 7.0.243.17

affected

4.0.8 (custom) before 7.0.427.13

affected

4.0.9 (custom) before 7.0.528.18

affected

4.0.6 (custom) before 7.0.277.26

affected

4.0.7 (custom) before 7.0.316.9

affected

2019.3 (custom) before 2019.3.16.20

affected

2019.2 (custom) before 2019.2.9.8

affected

2019.1 (custom) before 2019.1.96.5

affected

4.0.1 (custom) before 7.0.111.66

affected

4.0.2 (custom) before 7.0.154.16

affected

4.0.3 (custom) before 7.0.197.8

affected

4.0.4 (custom) before 7.0.212.9

affected

2019.5 (custom) before 2019.5.14.39

affected

2019.4 (custom) before 2019.4.9.16

affected

2019.6 (custom) before 2019.6.36.39

affected

2019.8 (custom) before 2019.8.43.15

affected

2019.7 (custom) before 2019.7.107.21

affected

2019.9 (custom) before 2019.9.31.19

affected

2019.10 (custom) before 2019.10.36.4

affected

2023.1 (custom) before 2023.2.3027.0

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30398 (Nuance PowerScribe 360 Information Disclosure Vulnerability) vendor-advisory

cve.org (CVE-2025-30398)

nvd.nist.gov (CVE-2025-30398)

Download JSON