CVE-2025-66573 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server…
Medium CVSS: 6.9

CVE-2025-66573

Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.
Vendor
Mersive
Product
Solstice Pod Firmware
CWE
CWE-319
Yayın Tarihi
2025-12-04 21:16:10
Güncelleme
2025-12-23 00:09:25
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-319 Solstice Pod Firmware MEDIUM Mersive 2025

Referanslar

https://documentation.mersive.com/en/solstice/about-solstice.html https://www.exploit-db.com/exploits/52104 https://www.mersive.com/ https://www.vulncheck.com/advisories/solstice-pod-api-session-key-extraction-via-api-endpoint https://www.exploit-db.com/exploits/52104