Solstice Pod API Session Key Extraction via API Endpoint

Advisories

Solstice Pod API Session Key Extraction via API Endpoint

severity: medium
date: 12/4/2025
Affecting: Solstice Pod v5.5
Solstice Pod v6.2
CVE: CVE-2025-66573
CVE type: CWE-319 Cleartext Transmission of Sensitive Information
CVSS: 6.9
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
References: ExploitDB-52104
Mersive Vendor Homepage
Solstice Product Documentation
Credit: Thomas Heverin, The Baldwin School Ethical Hackers
Description: Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence to help you prioritize and remediate vulnerabilities that matter.

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo