Description
Nuance Digital Engagement Platform Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an unauthorized attacker to perform spoofing over a network.
FAQ
According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L). What does that mean for this vulnerability?
Information in the victim's browser associated with the vulnerable URL can be read by the malicious JavaScript code and sent to the attacker.
What actions do I need to take to be protected from this vulnerability?
Affected customers need to enable the Block XSS field in the configurations setting for their program to prevent JavaScript injection. All affected customers have been notified by the Nuance team to make this update.
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of the vulnerability requires a user to open a specially crafted link.
An attacker would have no way to force users to click the link. Instead, an attacker would have to convince users to click the link through social engineering.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.
Updates
Product | Article | Update |
---|---|---|
Nuance Digital Engagement Platform |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
8.2 High
CVSS3
Related vulnerabilities
Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an unauthorized attacker to perform spoofing over a network.
Improper neutralization of input during web page generation ('cross-site scripting') in Nuance Digital Engagement Platform allows an authorized attacker to perform spoofing over a network.
EPSS
8.2 High
CVSS3