{"id":"CVE-2025-66424","details":"Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.","aliases":["GHSA-2w93-qwpp-vgvj"],"modified":"2026-03-15T22:51:26.434428Z","published":"2025-11-30T03:15:48.360Z","references":[{"type":"REPORT","url":"https://foss.heptapod.net/tryton/tryton/-/issues/14366"},{"type":"REPORT","url":"https://discuss.tryton.org/t/security-release-for-issue-14366/8953"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"6.0.0"},{"fixed":"6.0.70"}]},{"events":[{"introduced":"7.0.0"},{"fixed":"7.0.40"}]},{"events":[{"introduced":"7.4.0"},{"fixed":"7.4.21"}]},{"events":[{"introduced":"7.6.0"},{"fixed":"7.6.11"}]},{"events":[{"introduced":"6.0"},{"fixed":"7.6.11"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-66424.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}