CVE-2025-66424: trytond does not enforce access rights for data export

November 30, 2025 (updated December 2, 2025)

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

References

discuss.tryton.org/t/security-release-for-issue-14366/8953
foss.heptapod.net/tryton/tryton/-/issues/14366
github.com/advisories/GHSA-2w93-qwpp-vgvj
github.com/tryton/trytond
nvd.nist.gov/vuln/detail/CVE-2025-66424

Code Behaviors & Features

Detect and mitigate CVE-2025-66424 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →