Vulnerabilities

CVE-2025-66573

by Fred · 04/12/2025

Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.

More information : https://documentation.mersive.com/en/solstice/about-solstice.html

Similar

Tags: Cybersecurity Alert