CVE-2025-66423

Summary

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

Affected Software

VendorProductVersion RangeStatus
Trytontrytond6.0.0 < 6.0.70affected
Trytontrytond7.0.0 < 7.0.40affected
Trytontrytond7.1.0 < 7.4.21affected
Trytontrytond7.5.0 < 7.6.11affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References