Sign in Subscribe

← All advisories

Moderate severityNVD Advisory· Published Nov 30, 2025· Updated Dec 1, 2025

CVE-2025-66424

CVE-2025-66424

Description

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
trytondPyPI	>= 7.5.0, < 7.6.11	7.6.11
trytondPyPI	>= 7.1.0, < 7.4.21	7.4.21
trytondPyPI	>= 7.0.0, < 7.0.40	7.0.40
trytondPyPI	>= 6.0.0, < 6.0.70	6.0.70

Affected products

1

Tryton/Trytondv5
Range: 6.0.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

github.com/advisories/GHSA-2w93-qwpp-vgvjghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-66424ghsaADVISORY
discuss.tryton.org/t/security-release-for-issue-14366/8953ghsaWEB
foss.heptapod.net/tryton/tryton/-/issues/14366ghsaWEB

News mentions

0

No linked articles in our index yet.