CVE-2025-13829

Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any other user.



 Critical information retrieved: 
  *  APIKEY (1 year user Session)
  *  RefreshToken (10 minutes user Session)
  *  Password hashed with bcrypt
  *  User IP
  *  Email
  *  Full Name