VYPR
Unrated severityNVD Advisory· Published Dec 4, 2025· Updated Apr 7, 2026

Solstice Pod API Session Key Extraction via API Endpoint

CVE-2025-66573

Description

Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (/api/config) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1
  • mersive/Solstice Pod API Session Key Extraction via API Endpointv5
    Range: 5.5

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.