PT-2025-48486 · Data Illusion · Zumbrunn Ngsurvey
Thomas Clair
·
Published
2025-12-01
·
Updated
2025-12-01
·
CVE-2025-13829
CVSS v4.0
8.6
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/AU:Y |
Name of the Vulnerable Software and Affected Versions
Data Illusion Zumbrunn NGSurvey (affected versions not specified)
Description
An incorrect authorization issue exists in Data Illusion Zumbrunn NGSurvey, allowing any authenticated user to access the private information of other users. This includes sensitive data such as the
APIKEY (valid for a one-year user session), RefreshToken (valid for a ten-minute user session), Password hashed with bcrypt, User IP, Email, and Full Name. The issue involves unauthorized access to user data through improper authorization checks.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zumbrunn Ngsurvey