CVE-2025-66573

HIGH

Solstice Pod API <6.2 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-66573, a PoC published by Thomas Heverin.

AI-analyzed exploit summary: The PoC is a Python script that sends an unauthenticated request to the Solstice Pod `/api/config` endpoint and parses the JSON response to extract the session key, server version and product details. It disables TLS certificate verification on the client side when connecting (the appliance's certificate is not validated); nothing on the Pod is bypassed, because the endpoint performs no authentication check at all.

Description

Solstice Pod API (versions 5.5, 6.2) exposes an API endpoint (`/api/config`) that returns sensitive information, including the current session key, server version, product details and display name, without requiring authentication. Anyone who can reach the API port can retrieve live session information with a single unauthenticated HTTPS GET request.
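The request described in the exploit summary and the description above, turned into an exposure check a defender can run against their own Pods. This is an added example for this page, not the exploit-db PoC or Mersive code. It follows the page's PoC analysis in shape (HTTPS GET to `/api/config` on port 8443, no credentials, TLS verification disabled), but the JSON key names (`sessionKey`, `serverVersion`, `productName`, `displayName`) are assumptions: the page describes the leaked fields only in prose, so confirm them against a real response. The sample response used for the offline run is constructed.

```python
import json
import ssl
import urllib.error
import urllib.request

# Assumed JSON keys for the fields the page describes as exposed (session key,
# server version, product details, display name). The page does not name the
# keys; adjust after inspecting a real /api/config response.
SENSITIVE_KEYS = ("sessionKey", "serverVersion", "productName", "displayName")
SECRET_KEYS = {"sessionKey"}  # values the checker must never print in full

# Constructed sample response for an offline run; not captured from a device.
SAMPLE_RESPONSE = json.dumps({
    "sessionKey": "ABCD1234",
    "serverVersion": "5.5.0",
    "productName": "Solstice Pod",
    "displayName": "Conference Room 3",
}).encode()


def redact(value, keep=4):
    """Keep only the first `keep` characters so the checker does not write the
    secret it is testing for into terminals or log files."""
    s = str(value)
    return s[:keep] + "..." if len(s) > keep else "..."


def classify_config(body):
    """Parse an /api/config body and report which sensitive fields it carries.
    Non-JSON or non-object bodies (e.g. a login page) are not treated as a leak."""
    if isinstance(body, bytes):
        body = body.decode("utf-8", errors="replace")
    try:
        data = json.loads(body)
    except ValueError:
        return {"is_json": False, "leaked": [], "preview": {}}
    if not isinstance(data, dict):
        return {"is_json": True, "leaked": [], "preview": {}}
    leaked = [k for k in SENSITIVE_KEYS if k in data]
    preview = {k: (redact(data[k]) if k in SECRET_KEYS else data[k]) for k in leaked}
    return {"is_json": True, "leaked": leaked, "preview": preview}


def verdict(status, body):
    """Combine HTTP status and body into an exposure verdict. 401/403 means the
    endpoint demands credentials (the hardened state); 200 with the session key
    present is the condition this CVE describes."""
    if status in (401, 403):
        return "requires-auth"
    if status != 200:
        return f"unexpected-status-{status}"
    info = classify_config(body)
    if "sessionKey" in info["leaked"]:
        return "exposed"
    if info["leaked"]:
        return "partial"
    return "no-sensitive-fields"


def fetch_config(host, port=8443, timeout=5.0):
    """Unauthenticated GET of /api/config. Certificate verification is disabled,
    as in the PoC analysis; acceptable for an internal exposure check against
    appliances with self-signed certificates, not for general-purpose clients."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must precede verify_mode = CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(f"https://{host}:{port}/api/config",
                                 headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()


def check_host(host, port=8443):
    """Fetch and classify one Pod; the session key is only ever shown redacted."""
    status, body = fetch_config(host, port)
    return {"host": host, "status": status, "verdict": verdict(status, body),
            "preview": classify_config(body)["preview"]}


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:
        try:
            print(json.dumps(check_host(target)))
        except (urllib.error.URLError, OSError) as e:
            print(json.dumps({"host": target, "verdict": f"unreachable: {e}"}))
```

Run it as `python3 check_pods.py pod1.example.internal pod2.example.internal` from a host on the same network segment as the Pods. A `requires-auth` verdict on every Pod is the outcome you want; `exposed` means the session key is being handed to anyone who can open a TCP connection to port 8443, which is why that port should not be reachable from guest or general user networks regardless of firmware version.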

Exploits (1)

exploit-db · Working PoC
by Thomas Heverin · textlocalwindows
https://www.exploit-db.com/exploits/52104

Classification

Working PoC: 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Solstice Pod versions 5.5, 6.2
Authentication: none needed
Prerequisites: Network access to the Solstice Pod API endpoint on port 8443
Analysis: devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 7.5 (High)
EPSS: 0.0008 (0.08%)
EPSS Percentile: 24.5%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (network-reachable, low complexity, no privileges or user interaction, high confidentiality impact, no integrity or availability impact)

CISA SSVC (Vulnrichment)

Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-319 (Cleartext Transmission of Sensitive Information). Note that the behaviour described above, an endpoint that serves the session key to any client without an authentication check, corresponds more directly to CWE-306 (Missing Authentication for Critical Function); the CWE-319 assignment is the record's.
Status: published
Products (6)
mersive/Solstice Pod API 5.5
mersive/Solstice Pod API 6.2
mersive/Solstice Pod API Session Key Extraction via API Endpoint 5.5
mersive/Solstice Pod API Session Key Extraction via API Endpoint 6.2
mersive/solstice_pod_firmware 5.6
mersive/solstice_pod_firmware 6.2
Published: Dec 04, 2025
Tracked Since: Feb 18, 2026