ГлавнаяУязвимости → CVE-2025-66573
7.5высокая

CVE-2025-66573

Описание

Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without authentication.

Затрагиваемое ПО
Mersive Solstice pod firmwareMersive Solstice pod
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://documentation.mersive.com/en/solstice/about-solstice.htmlhttps://www.exploit-db.com/exploits/52104https://www.mersive.com/https://www.vulncheck.com/advisories/solstice-pod-api-session-key-extraction-via-api-endpointhttps://www.exploit-db.com/exploits/52104