Home

Description

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

PUBLISHED Reserved 2025-11-30 | Published 2025-11-30 | Updated 2025-12-01 | Assigner mitre




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-863 Incorrect Authorization

Product status

Default status
unaffected

6.0.0 (semver) before 6.0.70
affected

7.0.0 (semver) before 7.0.40
affected

7.1.0 (semver) before 7.4.21
affected

7.5.0 (semver) before 7.6.11
affected

References

discuss.tryton.org/t/security-release-for-issue-14366/8953

foss.heptapod.net/tryton/tryton/-/issues/14366

cve.org (CVE-2025-66424)

nvd.nist.gov (CVE-2025-66424)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.