Vulnerabilities

CVE-2025-13829

by Fred · 01/12/2025

Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any other user.

Critical information retrieved:
* APIKEY (1 year user Session)
* RefreshToken (10 minutes user Session)
* Password hashed with bcrypt
* User IP
* Email
* Full Name

More information : https://docs.ngsurvey.com/installation-setup/change-log#id-3.6.17-2025-05-28

Similar

Tags: Cybersecurity Alert