High severityNVD Advisory· Published Nov 30, 2025· Updated Dec 1, 2025

CVE-2025-66423

Description

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
trytondPyPI	>= 7.5.0, < 7.6.11	7.6.11
trytondPyPI	>= 7.1.0, < 7.4.21	7.4.21
trytondPyPI	>= 7.0.0, < 7.0.40	7.0.40
trytondPyPI	>= 6.0.0, < 6.0.70	6.0.70

Affected products

Tryton/Trytondv5
Range: 6.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-p3p5-xrmv-4j6xghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-66423ghsaADVISORY
discuss.tryton.org/t/security-release-for-issue-14364/8952ghsaWEB
foss.heptapod.net/tryton/tryton/-/issues/14364ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000