CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-66573

Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.0%

CVSS Severity

CVSS v3 Score 7.5

References

https://documentation.mersive.com/en/solstice/about-solstice.html
https://www.exploit-db.com/exploits/52104
https://www.mersive.com/
https://www.vulncheck.com/advisories/solstice-pod-api-session-key-extraction-via-api-endpoint
https://www.exploit-db.com/exploits/52104

Products affected by CVE-2025-66573

Mersive » Solstice Pod » Version: N/A

cpe:2.3:h:mersive:solstice_pod:-
Mersive » Solstice Pod Firmware » Version: 5.6

cpe:2.3:o:mersive:solstice_pod_firmware:5.6
Mersive » Solstice Pod Firmware » Version: 6.2

cpe:2.3:o:mersive:solstice_pod_firmware:6.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-66573

Products

Pricing

Contact Us