Solstice Pod API Session Key Extraction via API Endpoint

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Description

Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.

Basic Information

ID CVE-2025-66573

Source VulnCheck

Published Dec 4, 2025 at 20:45

Affected Product

Vendor mersive

Product Solstice Pod API Session Key Extraction via API Endpoint

Version 5.5

Affected Versions mersive Solstice Pod API Session Key Extraction via API Endpoint 5.5
mersive Solstice Pod API Session Key Extraction via API Endpoint 6.2

CWE Classification

CWE-319

References

{
    "lastseen": "",
    "description": "Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.",
    "published": "2025-12-04T20:45:13.939Z",
    "modified": "2025-12-04T20:45:13.939Z",
    "type": "cve",
    "title": "Solstice Pod API Session Key Extraction via API Endpoint",
    "source": "VulnCheck",
    "references": "https://www.exploit-db.com/exploits/52104\nhttps://www.mersive.com/\nhttps://documentation.mersive.com/en/solstice/about-solstice.html\nhttps://www.vulncheck.com/advisories/solstice-pod-api-session-key-extraction-via-api-endpoint",
    "id": "CVE-2025-66573",
    "bulletinFamily": "",
    "cwe": [
        "CWE-319"
    ],
    "cvelist": null,
    "sourceData": "mersive Solstice Pod API Session Key Extraction via API Endpoint 5.5\nmersive Solstice Pod API Session Key Extraction via API Endpoint 6.2",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Solstice Pod API Session Key Extraction via API Endpoint",
    "version": "5.5",
    "vendor": "mersive",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Solstice Pod API Session Key Extraction via API Endpoint_CVE-2025-66573