CVE-2025-30398 - K7 Labs

<< Back

CVE Number	Vulnerability	Product	Severity	Date
CVE-2025-30398	Nuance PowerScribe 360 Information Disclosure Vulnerability	Nuance PowerScribe 360	Critical	06-01-2026

Technical Information

The attacker exploits a missing authorization check by making an unauthenticated API call to a specific network-accessible endpoint after a user-initiated connection, enabling disclosure and modification of sensitive PowerScribe configuration information.

Patch release date: Nov 11, 2025
Further information on this vulnerability is available at : CVE-2025-30398

Affected Software

Nuance PowerScribe 360 version 4.0.5,
Nuance PowerScribe 360 version 4.0.8,
Nuance PowerScribe 360 version 4.0.9,
Nuance PowerScribe 360 version 4.0.6,
Nuance PowerScribe 360 version 4.0.7,
Nuance PowerScribe One version 2019.3,
Nuance PowerScribe One version 2019.2,
Nuance PowerScribe One version 2019.1,
Nuance PowerScribe 360 version 4.0.1,
Nuance PowerScribe 360 version 4.0.2,
Nuance PowerScribe 360 version 4.0.3,
Nuance PowerScribe 360 version 4.0.4,
Nuance PowerScribe One version 2019.5,
Nuance PowerScribe One version 2019.4,
Nuance PowerScribe One version 2019.6,
Nuance PowerScribe One version 2019.8,
Nuance PowerScribe One version 2019.7,
Nuance PowerScribe One version 2019.9,
Nuance PowerScribe One version 2019.10,
PowerScribe One version 2023.1 SP2 Patch 7