CVE-2025-66424

描述

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

受影響套件(2)

• Debian/tryton-serverfrom 0, < 5.0.33-2+deb11u4
• PyPI/trytond>= 7.5.0, < 7.6.11

CVSS 分數

參考連結(5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2025-66424
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-66424
• PATCHhttps://github.com/tryton/trytond
• WEBhttps://discuss.tryton.org/t/security-release-for-issue-14366/8953
• WEBhttps://foss.heptapod.net/tryton/tryton/-/issues/14366