CVE-2025-66422 — Resource Leak in Trytond

CWE-402 — Resource Leak5 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 80.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tryton Trytond Debian Tryton-server

Timeline

PublishedNov 30

Description

Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5tryton/trytond7.1.0 — 7.4.21+2

▶NVDtryton/trytond6.0.0 — 6.0.70+3

▶PyPItryton/trytond7.5.0 — 7.6.11+3

▶debiandebian/tryton-server< tryton-server 6.0.29-2+deb12u4 (bookworm)

🔴Vulnerability Details

OSV

trytond allows remote attackers to obtain sensitive trace-back (server setup) information↗2025-11-30

▶

OSV

CVE-2025-66422: Tryton trytond before 7↗2025-11-30

▶

GHSA

trytond allows remote attackers to obtain sensitive trace-back (server setup) information↗2025-11-30

▶

📋Vendor Advisories

Debian

CVE-2025-66422: tryton-server - Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-b...↗2025

▶