CVE-2025-66573

UNKNOWN 0.0

Solstice Pod API Session Key Extraction via API Endpoint

CVSS Score

0.0

EPSS Score

0.1%

EPSS Percentile

29th

Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.

CWE	CWE-319
Vendor	mersive
Product	solstice pod api session key extraction via api endpoint
Published	Dec 4, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for mersive solstice pod api session key extraction via api endpoint

Be the first to know when new unknown vulnerabilities affecting mersive solstice pod api session key extraction via api endpoint are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

mersive / Solstice Pod API Session Key Extraction via API Endpoint

5.5 6.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/52104 mersive.com: https://www.mersive.com/ documentation.mersive.com: https://documentation.mersive.com/en/solstice/about-solstice.html vulncheck.com: https://www.vulncheck.com/advisories/solstice-pod-api-session-key-extraction-via-api-endpoint

Credits

The Baldwin School Ethical Hackers, The Baldwin School