216.73.217.50

CVE-2025-13829

· Published 01/12/2025 16:15 · Modified 02/12/2025 17:16

Labels: CVE-2025-13829 2025-12-0164c5ae8f-7972-4697-86a0-7ada793ac795CVE-2025-13829CWE-863

Essential information

Published
01/12/2025 16:15
Modified
02/12/2025 17:16
Author
Creator
CVSS
8.6 HIGH (v3) 8.6 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any other user. Critical information retrieved: * APIKEY (1 year user Session) * RefreshToken (10 minutes user Session) * Password hashed with bcrypt * User IP * Email * Full Name

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
64c5ae8f-7972-4697-86a0-7ada793ac795
NVD
View on NVD

References