CNNVD-202512-456 Information

CNNVD ID

CNNVD-202512-456

Related CVE

CVE-2025-66573

• CNNVD Published: 2025-12-04

Description (Chinese)

Mersive Solstice Pod API是美国Mersive公司的一个应用程序编程接口。 Mersive Solstice Pod API 5.5版本和6.2版本存在安全漏洞，该漏洞源于未认证的api/config端点暴露敏感信息，可能导致会话信息泄露。

Description (English)

Mersive Solstice Pod API is an application programming interface for Mersive in the United States. There is a security loophole in versions 5.5 and 6.2 of Hersive Solstice Pod API, which originates from uncertified api/config endpoints that exposes sensitive information and may lead to the disclosure of session information.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Mersive

Published

2025-12-04

Last Modified

2026-02-24

References

https://www.exploit-db.com/exploits/52104 https://documentation.mersive.com/en/solstice/about-solstice.html https://www.mersive.com/ https://www.vulncheck.com/advisories/solstice-pod-api-session-key-extraction-via-api-endpoint https://access.redhat.com/security/cve/cve-2025-66573