CVE-2025-13829
📋 TL;DR
This CVE describes an incorrect authorization vulnerability in Data Illusion Zumbrunn NGSurvey that allows any authenticated user to access private information of other users. Attackers can retrieve sensitive data including API keys, refresh tokens, hashed passwords, IP addresses, emails, and full names. All NGSurvey installations with vulnerable versions are affected.
💻 Affected Systems
- Data Illusion Zumbrunn NGSurvey
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete account takeover through stolen API keys and refresh tokens, leading to unauthorized access to all survey data, potential data exfiltration, and lateral movement within the system.
Likely Case
Unauthorized access to sensitive user information, potential credential theft through password hash analysis, and impersonation attacks using stolen session tokens.
If Mitigated
Limited exposure if proper network segmentation and access controls prevent authenticated users from reaching vulnerable endpoints.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has valid credentials. The vulnerability is in authorization logic, making exploitation simple.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.6.17
Vendor Advisory: https://docs.ngsurvey.com/installation-setup/change-log#id-3.6.17-2025-05-28
Restart Required: Yes
Instructions:
1. Back up your NGSurvey installation and database.
2. Download version 3.6.17 from the official source.
3. Replace existing files with the updated version.
4. Restart the NGSurvey service.
5. Verify the update by checking the version in the admin panel.
🔧 Temporary Workarounds
Network Access Restriction
Restrict access to NGSurvey to trusted IP addresses only
# Example for nginx: allow 192.168.1.0/24; deny all;
# Example for Apache: Require ip 192.168.1.0/24
Session Timeout Reduction
Reduce session timeout values to limit exposure of stolen tokens
# In NGSurvey configuration: Set session timeout to minimum practical value
🧯 If You Can't Patch
- Implement strict network segmentation to isolate NGSurvey from other systems
- Enable detailed logging and monitoring for unusual user information access patterns
🔍 How to Verify
Check if Vulnerable:
Check if NGSurvey version is below 3.6.17 in the admin panel or by examining the application files
Check Version:
Check NGSurvey admin dashboard or examine version.txt in installation directory
Verify Fix Applied:
Confirm version is 3.6.17 or higher and test that authenticated users cannot access other users' private information
📡 Detection & Monitoring
Log Indicators:
- Unusual API calls to user information endpoints
- Multiple user information requests from single authenticated user
- Access patterns showing users accessing data outside their scope
Network Indicators:
- HTTP requests to user profile/API endpoints with different user IDs than the authenticated user
SIEM Query:
source="ngsurvey" AND (uri_path="/api/users/*" OR uri_path="/api/profile/*") AND user_id!=authenticated_user
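The log indicators above can be checked offline with a short script. This is an added example, not part of the original advisory or of NGSurvey: the log line layout and the `auth_user=` field are assumptions, the sample lines are constructed, and the `/api/users/` and `/api/profile/` paths are taken from the SIEM query above.

```python
import re
from collections import defaultdict

# Constructed sample lines. The layout (timestamp, authenticated user id,
# method, path, status) is an assumption, not NGSurvey's real log format.
SAMPLE_LOG = """\
2025-06-01T10:00:01Z auth_user=17 GET /api/users/17 200
2025-06-01T10:00:05Z auth_user=17 GET /api/profile/17 200
2025-06-01T10:01:10Z auth_user=42 GET /api/users/1 200
2025-06-01T10:01:11Z auth_user=42 GET /api/users/2 200
2025-06-01T10:01:12Z auth_user=42 GET /api/users/3 200
2025-06-01T10:01:13Z auth_user=42 GET /api/profile/3 403
2025-06-01T10:02:00Z auth_user=8 GET /api/users/9 200
2025-06-01T10:02:30Z auth_user=- GET /api/users/5 401
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth_user=(?P<actor>\S+) (?P<method>[A-Z]+) "
    r"/api/(?:users|profile)/(?P<target>\d+)(?:[/?]\S*)? (?P<status>\d{3})$"
)

def cross_user_reads(log_text):
    """Return {actor_id: sorted ids of other users whose records were served}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m["actor"].isdigit():
            continue  # unparsable line or unauthenticated request
        if not m["status"].startswith("2"):
            continue  # denied requests returned no data
        actor, target = int(m["actor"]), int(m["target"])
        if actor != target:
            hits[actor].add(target)
    return {actor: sorted(targets) for actor, targets in hits.items()}

def enumerators(log_text, threshold=3):
    """Actors who read at least `threshold` distinct other users' records."""
    return sorted(actor for actor, targets in cross_user_reads(log_text).items()
                  if len(targets) >= threshold)

if __name__ == "__main__":
    for actor, targets in cross_user_reads(SAMPLE_LOG).items():
        print(f"user {actor} read records of users {targets}")
    print("possible enumeration:", enumerators(SAMPLE_LOG))
```

Administrative accounts that legitimately manage other users will also match and need to be excluded before alerting.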