CVE-2025-66424 — Incorrect Authorization in Trytond

Severity

6.5MEDIUMNVD

EPSS

0.0%

top 85.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedNov 30

Description

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

▶CVEListV5tryton/trytond7.1.0 — 7.4.21+1

▶NVDtryton/trytond6.0.0 — 6.0.70+3

▶PyPItryton/trytond7.5.0 — 7.6.11+3

▶debiandebian/tryton-server< tryton-server 6.0.29-2+deb12u4 (bookworm)

GHSA

trytond does not enforce access rights for data export↗2025-11-30

▶

OSV

CVE-2025-66424: Tryton trytond 6↗2025-11-30

▶

OSV

trytond does not enforce access rights for data export↗2025-11-30

▶

Debian

CVE-2025-66424: tryton-server - Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export....↗2025

▶