Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-66573

CVE-2025-66573: Solstice Pod Information Disclosure Flaw

CVE-2025-66573 is an information disclosure vulnerability in Mersive Solstice Pod Firmware that exposes session keys and sensitive data through an unauthenticated API. This article covers technical details, affected versions, and mitigation.

Updated:

CVE-2025-66573 Overview

CVE-2025-66573 is an information disclosure vulnerability in Mersive Solstice Pod firmware versions 5.5 and 6.2. The device exposes an unauthenticated REST endpoint at /api/config that returns sensitive runtime data. Attackers can retrieve the active session key, server version, product details, and display name without supplying credentials.

The weakness is classified under [CWE-319: Cleartext Transmission of Sensitive Information]. The exposed session key allows unauthorized users to join active collaboration sessions and view confidential meeting content shared through the wireless presentation system.

Critical Impact

Unauthenticated network attackers can extract live session keys from Solstice Pod devices and join in-progress meetings, exposing internal presentations and shared screen content.

Affected Products

  • Mersive Solstice Pod Firmware version 5.5
  • Mersive Solstice Pod Firmware version 6.2
  • Mersive Solstice Pod hardware appliance

Discovery Timeline

  • 2025-12-04 - CVE-2025-66573 published to NVD
  • 2025-12-23 - Last updated in NVD database

Technical Details for CVE-2025-66573

Vulnerability Analysis

The Mersive Solstice Pod is a wireless collaboration appliance used in conference rooms to share screens from laptops and mobile devices. It exposes a configuration API over HTTP for management and discovery purposes. The /api/config endpoint returns a JSON document describing the current device state.

The endpoint does not require authentication. Any client able to reach the Pod over the network can issue a GET request and read the response. The response includes the live SessionKey used by clients to authenticate to the presentation session, the firmware version, product model, and the configured display name shown in meeting rooms.

Because the session key controls access to shared screens and collaboration content, disclosure of the key defeats the access control intended for the meeting. An attacker on the same network segment can join the session, observe shared screens, and inject content depending on Pod policy settings.

Root Cause

The /api/config handler enforces no authentication or authorization checks before returning configuration data. Sensitive runtime state, including the session key, is included in the response intended for public discovery fields such as the display name. The design conflates publicly broadcast metadata with secrets that should remain server-side.

Attack Vector

Exploitation requires only network reachability to the Pod's management interface. An attacker sends an HTTP GET request to /api/config and parses the JSON response. The vulnerability is exposed in environments where Solstice Pods are deployed on corporate networks accessible to employees, contractors, or guest Wi-Fi users. Public proof-of-concept code is available through Exploit-DB entry 52104 and the VulnCheck advisory.

Detection Methods for CVE-2025-66573

Indicators of Compromise

  • Unexpected HTTP GET requests to /api/config on Solstice Pod IP addresses from non-management hosts
  • Repeated connection attempts to Solstice presentation services from clients not on the approved meeting room list
  • Sudden join events from unknown clients on active Solstice sessions

Detection Strategies

  • Inspect network flow logs and web proxy data for HTTP requests targeting /api/config on Mersive Solstice Pod hosts
  • Deploy network IDS signatures that flag unauthenticated REST queries to Solstice management ports from outside the AV management VLAN
  • Correlate device fingerprints in asset inventory with firmware versions 5.5 and 6.2 to scope exposure

Monitoring Recommendations

  • Enable access logging on Solstice Pods and forward logs to a centralized SIEM for review of /api/config access patterns
  • Monitor wireless and wired network segments hosting Solstice devices for scanning behavior targeting TCP ports used by the device API
  • Alert on session-join events that originate from client IPs not previously seen in conference room ranges

How to Mitigate CVE-2025-66573

Immediate Actions Required

  • Restrict network access to Solstice Pod management interfaces using firewall rules or VLAN segmentation, limiting reachability to authorized management hosts only
  • Enforce moderated session mode and screen-share approval on all Pods to prevent unauthorized joins even if a session key leaks
  • Rotate session keys frequently and enable random key generation per meeting

Patch Information

No vendor patch is referenced in the current NVD entry. Administrators should consult the Mersive Solstice documentation and the Mersive support portal for firmware updates beyond versions 5.5 and 6.2 that address unauthenticated /api/config exposure.

Workarounds

  • Place Solstice Pods on an isolated audiovisual VLAN that blocks inbound HTTP from general user networks
  • Disable guest network access to Solstice services and require VPN or 802.1X authentication before clients can reach the Pod
  • Configure the Pod to require a moderator to approve each connection attempt, reducing impact if the session key is exposed
bash
# Example firewall rule to restrict Solstice API access to management subnet only
iptables -A INPUT -p tcp --dport 80 -s 10.10.50.0/24 -d <solstice_pod_ip> -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -d <solstice_pod_ip> -j DROP

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.