CVE-2025-66423

high

Description

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

References

https://foss.heptapod.net/tryton/tryton/-/issues/14364

https://discuss.tryton.org/t/security-release-for-issue-14364/8952

Details

Source: Mitre, NVD

Published: 2025-11-30

Updated: 2025-11-30

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:P/A:N

Severity: High

CVSS v3

Base Score: 7.1

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N