CVE Alert: CVE-2025-30398 – Microsoft – Nuance PowerScribe 360 version 4.0.5

CVE-2025-30398

Severity: HIGH | No exploitation known

Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network.

CVSS v3.1 (8.1)
Vendor
Microsoft
Product and affected versions (each entry gives the product line and the build number below which installs are affected)
  • Nuance PowerScribe 360 version 4.0.1: versions less than 7.0.111.66
  • Nuance PowerScribe 360 version 4.0.2: versions less than 7.0.154.16
  • Nuance PowerScribe 360 version 4.0.3: versions less than 7.0.197.8
  • Nuance PowerScribe 360 version 4.0.4: versions less than 7.0.212.9
  • Nuance PowerScribe 360 version 4.0.5: versions less than 7.0.243.17
  • Nuance PowerScribe 360 version 4.0.6: versions less than 7.0.277.26
  • Nuance PowerScribe 360 version 4.0.7: versions less than 7.0.316.9
  • Nuance PowerScribe 360 version 4.0.8: versions less than 7.0.427.13
  • Nuance PowerScribe 360 version 4.0.9: versions less than 7.0.528.18
  • Nuance PowerScribe One version 2019.1: versions less than 2019.1.96.5
  • Nuance PowerScribe One version 2019.2: versions less than 2019.2.9.8
  • Nuance PowerScribe One version 2019.3: versions less than 2019.3.16.20
  • Nuance PowerScribe One version 2019.4: versions less than 2019.4.9.16
  • Nuance PowerScribe One version 2019.5: versions less than 2019.5.14.39
  • Nuance PowerScribe One version 2019.6: versions less than 2019.6.36.39
  • Nuance PowerScribe One version 2019.7: versions less than 2019.7.107.21
  • Nuance PowerScribe One version 2019.8: versions less than 2019.8.43.15
  • Nuance PowerScribe One version 2019.9: versions less than 2019.9.31.19
  • Nuance PowerScribe One version 2019.10: versions less than 2019.10.36.4
  • PowerScribe One version 2023.1 SP2 Patch 7: versions less than 2023.2.3027.0
CWE
CWE-862: Missing Authorization
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Published
2025-11-11T17:59:51.398Z
Updated
2025-11-11T17:59:51.398Z

AI Summary Analysis

Risk verdict

High-severity information disclosure reachable over the network; no privileges are needed, but exploitation requires user interaction, and the impact can be significant. KEV/EPSS signals are not provided; treat as priority 1 if those indicators later show exploitation potential.

Why this matters

Exposed healthcare data can include sensitive patient information; an attacker could exfiltrate the disclosed data from PowerScribe servers, undermining patient confidentiality and regulatory compliance. Realistic attacker goals include data theft, credential harvesting, or facilitating follow-on intrusions within clinical workflows.

Most likely attack path

An attacker who can reach vulnerable PowerScribe services over the network needs no privileges, but user interaction is required to trigger the disclosure. Initial access could be opportunistic, via phishing or activity on a compromised workstation; once triggered, sensitive information may be read and exfiltrated without elevated rights, and the preconditions for lateral movement are limited.

Who is most exposed

Hospitals and radiology clinics running Nuance PowerScribe 360 or PowerScribe One on-premises or on connected networks are most at risk, especially where these services are reachable from the broader clinical or VPN network.

Detection ideas

  • Unusual read/access patterns to patient data from PowerScribe endpoints.
  • Data export spikes originating from Nuance services.
  • Access attempts from non-whitelisted or anomalous IPs targeting PowerScribe.
  • Logs showing successful information disclosure events without corresponding authorisations.
  • New or altered accounts/tokens linked to PowerScribe components.

Mitigation and prioritisation

  • Patch to the latest available version across all affected lines; apply vendor guidance promptly.
  • Enforce network segmentation and restrict PowerScribe exposure to authenticated segments only.
  • Implement strict access controls and MFA where feasible; monitor for anomalous reads/exports.
  • Augment logging and set up real-time alerts for unusual data access from the service.
  • Schedule rapid change management and testing cycles; communicate timelines to clinical staff. If KEV or EPSS indicate active exploitation, elevate to priority 1.
