S
olstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.
References
| Link | Resource |
|---|---|
| https://documentation.mersive.com/en/solstice/about-solstice.html | Product |
| https://www.exploit-db.com/exploits/52104 | Exploit Third Party Advisory |
| https://www.mersive.com/ | Product |
| https://www.vulncheck.com/advisories/solstice-pod-api-session-key-extraction-via-api-endpoint | Third Party Advisory |
| https://www.exploit-db.com/exploits/52104 | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
23 Dec 2025, 00:09
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:mersive:solstice_pod_firmware:5.6:*:*:*:*:*:*:* cpe:2.3:o:mersive:solstice_pod_firmware:6.2:*:*:*:*:*:*:* cpe:2.3:h:mersive:solstice_pod:-:*:*:*:*:*:*:* |
|
| First Time |
Mersive
Mersive solstice Pod Mersive solstice Pod Firmware |
|
| References | () https://documentation.mersive.com/en/solstice/about-solstice.html - Product | |
| References | () https://www.exploit-db.com/exploits/52104 - Exploit, Third Party Advisory | |
| References | () https://www.mersive.com/ - Product | |
| References | () https://www.vulncheck.com/advisories/solstice-pod-api-session-key-extraction-via-api-endpoint - Third Party Advisory | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
08 Dec 2025, 18:27
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-12-04 21:16
Updated : 2025-12-23 00:09
NVD link : CVE-2025-66573
Mitre link : CVE-2025-66573
CVE.ORG link : CVE-2025-66573
JSON object : View
Products Affected
CWE
CWE-319
Cleartext Transmission of Sensitive Information