Moderate severityNVD Advisory· Published Nov 30, 2025· Updated Dec 1, 2025

CVE-2025-66422

Description

Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
trytondPyPI	>= 7.5.0, < 7.6.11	7.6.11
trytondPyPI	>= 7.1.0, < 7.4.21	7.4.21
trytondPyPI	>= 7.0.0, < 7.0.40	7.0.40
trytondPyPI	< 6.0.70	6.0.70

Affected products

Tryton/Trytondv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-jqfc-9q34-prhgghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-66422ghsaADVISORY
discuss.tryton.org/t/security-release-for-issue-14354/8950ghsaWEB
foss.heptapod.net/tryton/tryton/-/issues/14354ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000