CVE-2025-66423: trytond does not enforce access rights for the route of the HTML editor.

November 30, 2025 (updated December 2, 2025)

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

References

discuss.tryton.org/t/security-release-for-issue-14364/8952
foss.heptapod.net/tryton/tryton/-/issues/14364
github.com/advisories/GHSA-p3p5-xrmv-4j6x
github.com/tryton/trytond
nvd.nist.gov/vuln/detail/CVE-2025-66423

Code Behaviors & Features

Detect and mitigate CVE-2025-66423 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →