High severityNVD Advisory· Published Dec 1, 2025· Updated Apr 15, 2026
CVE-2025-13829
CVE-2025-13829
Description
Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any other user.
Critical information retrieved: * APIKEY (1 year user Session) * RefreshToken (10 minutes user Session) * Password hashed with bcrypt * User IP * Email * Full Name
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <3.6.17
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.