CVE-2025-13829

Vulnerability Description

Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any other user. Critical information retrieved: * APIKEY (1 year user Session) * RefreshToken (10 minutes user Session) * Password hashed with bcrypt * User IP * Email * Full Name

Related Weaknesses (CWE)

CWE-863

References

https://docs.ngsurvey.com/installation-setup/change-log#id-3.6.17-2025-05-28

FAQ

What is CVE-2025-13829?

CVE-2025-13829 is a documented vulnerability. Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any other user. Critical information retrieved: * APIKEY...

How severe is CVE-2025-13829?

CVSS scoring is not yet available for CVE-2025-13829. Check NVD for updates.

Is there a patch for CVE-2025-13829?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.