Sign in Subscribe

← All advisories

Medium severity5.4GHSA Advisory· Published Nov 30, 2025· Updated Apr 15, 2026

CVE-2025-66420

CVE-2025-66420

Description

Tryton sao (aka tryton-sao) before 7.6.9 allows XSS via an HTML attachment. This is fixed in 7.6.9, 7.4.19, 7.0.38, and 6.0.67.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
tryton-saonpm	>= 7.5.0, < 7.6.9	7.6.9
tryton-saonpm	>= 7.1.0, < 7.4.19	7.4.19
tryton-saonpm	>= 7.0.0, < 7.0.38	7.0.38
tryton-saonpm	< 6.0.67	6.0.67

Affected products

1

Tryton/SaoGHSA
Range: < 6.0.67

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

github.com/advisories/GHSA-xhgv-99mj-8m2xghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-66420ghsaADVISORY
discuss.tryton.org/t/security-release-for-issue-14290/8895nvdWEB
foss.heptapod.net/tryton/tryton/-/issues/14290nvdWEB

News mentions

0

No linked articles in our index yet.