Home

Description

Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.

PUBLISHED Reserved 2025-12-04 | Published 2025-12-04 | Updated 2025-12-05 | Assigner VulnCheck




MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-319 Cleartext Transmission of Sensitive Information

Product status

Default status
unaffected

5.5
affected

6.2
affected

Credits

The Baldwin School Ethical Hackers, The Baldwin School finder

References

www.exploit-db.com/exploits/52104 exploit

www.exploit-db.com/exploits/52104 (ExploitDB-52104) exploit

www.mersive.com/ (Mersive Homepage) product

documentation.mersive.com/en/solstice/about-solstice.html (Solstice Documentation) product

www.vulncheck.com/...session-key-extraction-via-api-endpoint third-party-advisory

cve.org (CVE-2025-66573)

nvd.nist.gov (CVE-2025-66573)