PT-2025-49141 · Unknown · Solstice Pod Api
Published 2025-12-04 · Updated 2025-12-05 · CVE-2025-66573
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Solstice Pod API versions 5.5 through 6.2
Description
The Solstice Pod API has an unauthenticated API endpoint. Specifically, the /api/config endpoint allows unauthorized access to sensitive information without requiring authentication. This exposed data includes the session key, server version, product details, and display name. Accessing this endpoint allows extraction of live session information.
Recommendations
Apply authentication to the /api/config API endpoint for versions 5.5 through 6.2.
Exploit
Fix
Cleartext Transmission of Sensitive Information
Weakness Enumeration
Related Identifiers
Affected Products
Solstice Pod Api