cvedb.io
CVE-2025-66573
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2025-12-04T21:16:10.083 · Last modified 2026-06-17T09:57:03.220

Summary

Solstice Pod API (versions 5.5 and 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.

Affected products

mersive — solstice_pod_firmware

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.