CVE-2025-66573 identifies a vulnerability in the mersive Solstice Pod API, specifically versions 5.5 and 6.2, where an unauthenticated API endpoint (/api/config) exposes sensitive information including session keys, server version, product details, and display names. This endpoint does not require authentication, allowing any remote attacker to retrieve live session information. The vulnerability is categorized under CWE-319, indicating cleartext transmission of sensitive information. The exposed session key can be used to hijack or manipulate active sessions, compromising confidentiality and potentially integrity of the system. The CVSS 4.0 base score is 6.9 (medium severity), reflecting the ease of exploitation (no authentication or user interaction needed) but limited impact scope as it does not directly affect availability or system-wide integrity. No patches are currently linked, and no known exploits are reported in the wild, but the risk remains significant for environments relying on Solstice Pods for secure wireless collaboration. The vulnerability highlights a design flaw in API security, where sensitive data is exposed without proper access controls or encryption, increasing the risk of unauthorized data disclosure and session compromise.

For European organizations, this vulnerability poses a risk of unauthorized disclosure of session keys and sensitive system information, which can lead to session hijacking, unauthorized access to presentation content, and potential lateral movement within networks. Organizations in sectors such as education, corporate enterprises, and government that use Solstice Pods for wireless collaboration and presentations could face confidentiality breaches. The exposure of server version and product details also aids attackers in crafting targeted attacks. Although the vulnerability does not directly impact system availability, the compromise of session keys can undermine trust in collaboration tools and lead to data leaks or intellectual property theft. The lack of authentication requirement increases the attack surface, making it easier for remote attackers to exploit the flaw without insider access. This can be particularly impactful in environments with sensitive or regulated data, such as financial institutions or healthcare providers in Europe, where data protection regulations like GDPR impose strict requirements on data confidentiality.

European organizations should immediately restrict network access to the Solstice Pod API endpoint (/api/config) by implementing network segmentation and firewall rules that limit access to trusted management hosts only. Monitoring and logging access to this endpoint should be enabled to detect unauthorized attempts. Organizations should engage with mersive for official patches or updates addressing this vulnerability and apply them promptly once available. In the interim, disabling or restricting the API if possible can reduce exposure. Employing network encryption (e.g., VPN or TLS) around Solstice Pod communications can help protect sensitive data in transit. Additionally, organizations should conduct internal audits to identify all Solstice Pod devices running affected versions and prioritize remediation based on criticality. Training IT staff to recognize signs of session hijacking or unusual API access patterns will aid in early detection. Finally, integrating this vulnerability into vulnerability management and incident response processes ensures ongoing risk reduction.