{"id":"GHSA-jqfc-9q34-prhg","summary":"trytond allows remote attackers to obtain sensitive trace-back (server setup) information","details":"Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.","aliases":["CVE-2025-66422"],"modified":"2025-12-02T01:29:18.287795Z","published":"2025-11-30T03:30:26Z","database_specific":{"nvd_published_at":"2025-11-30T03:15:47Z","cwe_ids":["CWE-402"],"severity":"MODERATE","github_reviewed":true,"github_reviewed_at":"2025-12-02T00:30:16Z"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66422"},{"type":"WEB","url":"https://discuss.tryton.org/t/security-release-for-issue-14354/8950"},{"type":"WEB","url":"https://foss.heptapod.net/tryton/tryton/-/issues/14354"},{"type":"PACKAGE","url":"https://github.com/tryton/trytond"}],"affected":[{"package":{"name":"trytond","ecosystem":"PyPI","purl":"pkg:pypi/trytond"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"7.5.0"},{"fixed":"7.6.11"}]}],"versions":["7.6.0","7.6.1","7.6.10","7.6.2","7.6.3","7.6.4","7.6.5","7.6.6","7.6.7","7.6.8","7.6.9"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-jqfc-9q34-prhg/GHSA-jqfc-9q34-prhg.json"}},{"package":{"name":"trytond","ecosystem":"PyPI","purl":"pkg:pypi/trytond"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"7.1.0"},{"fixed":"7.4.21"}]}],"versions":["7.2.0","7.2.1","7.2.10","7.2.11","7.2.12","7.2.13","7.2.14","7.2.15","7.2.16","7.2.17","7.2.18","7.2.19","7.2.2","7.2.20","7.2.21","7.2.22","7.2.23","7.2.3","7.2.4","7.2.5","7.2.6","7.2.7","7.2.8","7.2.9","7.4.0","7.4.1","7.4.10","7.4.11","7.4.12","7.4.13","7.4.14","7.4.15","7.4.16","7.4.17","7.4.18","7.4.19","7.4.2","7.4.20","7.4.3","7.4.4","7.4.5","7.4.6","7.4.7","7.4.8","7.4.9"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-jqfc-9q34-prhg/GHSA-jqfc-9q34-prhg.json"}},{"package":{"name":"trytond","ecosystem":"PyPI","purl":"pkg:pypi/trytond"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"7.0.0"},{"fixed":"7.0.40"}]}],"versions":["7.0.0","7.0.1","7.0.10","7.0.11","7.0.12","7.0.13","7.0.14","7.0.15","7.0.16","7.0.17","7.0.18","7.0.19","7.0.2","7.0.20","7.0.21","7.0.22","7.0.23","7.0.24","7.0.25","7.0.26","7.0.27","7.0.28","7.0.29","7.0.3","7.0.30","7.0.31","7.0.32","7.0.33","7.0.34","7.0.35","7.0.36","7.0.37","7.0.38","7.0.39","7.0.4","7.0.5","7.0.6","7.0.7","7.0.8","7.0.9"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-jqfc-9q34-prhg/GHSA-jqfc-9q34-prhg.json"}},{"package":{"name":"trytond","ecosystem":"PyPI","purl":"pkg:pypi/trytond"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.0.70"}]}],"versions":["1.0.0","1.0.1","1.0.2","1.0.3","1.0.4","1.0.5","1.0.6","1.0.7","1.0.8","1.0.9","1.2.0","1.2.1","1.2.10","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.2.7","1.2.8","1.2.9","1.4.0","1.4.1","1.4.10","1.4.11","1.4.12","1.4.13","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.4.8","1.4.9","1.6.0","1.6.1","1.6.10","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.8.0","1.8.1","1.8.10","1.8.11","1.8.2","1.8.3","1.8.4","1.8.5","1.8.6","1.8.7","1.8.8","1.8.9","2.0.0","2.0.1","2.0.10","2.0.11","2.0.12","2.0.13","2.0.2","2.0.3","2.0.4","2.0.5","2.0.6","2.0.7","2.0.8","2.0.9","2.2.0","2.2.1","2.2.10","2.2.11","2.2.12","2.2.13","2.2.14","2.2.2","2.2.3","2.2.4","2.2.5","2.2.6","2.2.7","2.2.8","2.2.9","2.4.0","2.4.1","2.4.10","2.4.11","2.4.12","2.4.13","2.4.14","2.4.15","2.4.16","2.4.2","2.4.3","2.4.4","2.4.5","2.4.6","2.4.7","2.4.8","2.4.9","2.6.0","2.6.1","2.6.10","2.6.11","2.6.12","2.6.13","2.6.14","2.6.15","2.6.16","2.6.17","2.6.18","2.6.2","2.6.3","2.6.4","2.6.5","2.6.6","2.6.7","2.6.8","2.6.9","2.8.0","2.8.1","2.8.10","2.8.11","2.8.12","2.8.13","2.8.14","2.8.15","2.8.16","2.8.2","2.8.3","2.8.4","2.8.5","2.8.6","2.8.7","2.8.8","2.8.9","3.0.0","3.0.1","3.0.10","3.0.11","3.0.12","3.0.13","3.0.14","3.0.15","3.0.16","3.0.17","3.0.2","3.0.3","3.0.4","3.0.5","3.0.6","3.0.7","3.0.8","3.0.9","3.2.0","3.2.1","3.2.10","3.2.11","3.2.12","3.2.13","3.2.14","3.2.15","3.2.16","3.2.17","3.2.18","3.2.2","3.2.3","3.2.4","3.2.5","3.2.6","3.2.7","3.2.8","3.2.9","3.4.0","3.4.1","3.4.10","3.4.11","3.4.12","3.4.13","3.4.14","3.4.15","3.4.16","3.4.17","3.4.18","3.4.2","3.4.3","3.4.4","3.4.5","3.4.6","3.4.7","3.4.8","3.4.9","3.6.0","3.6.1","3.6.10","3.6.11","3.6.12","3.6.13","3.6.14","3.6.15","3.6.16","3.6.17","3.6.18","3.6.19","3.6.2","3.6.3","3.6.4","3.6.5","3.6.6","3.6.7","3.6.8","3.6.9","3.8.0","3.8.1","3.8.10","3.8.11","3.8.12","3.8.13","3.8.14","3.8.15","3.8.16","3.8.17","3.8.18","3.8.2","3.8.3","3.8.4","3.8.5","3.8.6","3.8.7","3.8.8","3.8.9","4.0.0","4.0.1","4.0.10","4.0.11","4.0.12","4.0.13","4.0.14","4.0.15","4.0.16","4.0.17","4.0.18","4.0.19","4.0.2","4.0.20","4.0.3","4.0.4","4.0.5","4.0.6","4.0.7","4.0.8","4.0.9","4.2.0","4.2.1","4.2.10","4.2.11","4.2.12","4.2.13","4.2.14","4.2.15","4.2.16","4.2.17","4.2.18","4.2.19","4.2.2","4.2.20","4.2.21","4.2.22","4.2.3","4.2.4","4.2.5","4.2.6","4.2.7","4.2.8","4.2.9","4.4.0","4.4.1","4.4.10","4.4.11","4.4.12","4.4.13","4.4.14","4.4.15","4.4.16","4.4.17","4.4.18","4.4.19","4.4.2","4.4.20","4.4.21","4.4.22","4.4.23","4.4.24","4.4.25","4.4.26","4.4.27","4.4.3","4.4.4","4.4.5","4.4.6","4.4.7","4.4.8","4.4.9","4.6.0","4.6.1","4.6.10","4.6.11","4.6.12","4.6.13","4.6.14","4.6.15","4.6.16","4.6.17","4.6.18","4.6.19","4.6.2","4.6.20","4.6.21","4.6.22","4.6.3","4.6.4","4.6.5","4.6.6","4.6.7","4.6.8","4.6.9","4.8.0","4.8.1","4.8.10","4.8.11","4.8.12","4.8.13","4.8.14","4.8.15","4.8.16","4.8.17","4.8.18","4.8.2","4.8.3","4.8.4","4.8.5","4.8.6","4.8.7","4.8.8","4.8.9","5.0.0","5.0.1","5.0.10","5.0.11","5.0.12","5.0.13","5.0.14","5.0.15","5.0.16","5.0.17","5.0.18","5.0.19","5.0.2","5.0.20","5.0.21","5.0.22","5.0.23","5.0.24","5.0.25","5.0.26","5.0.27","5.0.28","5.0.29","5.0.3","5.0.30","5.0.31","5.0.32","5.0.33","5.0.34","5.0.35","5.0.36","5.0.37","5.0.38","5.0.39","5.0.4","5.0.40","5.0.41","5.0.42","5.0.43","5.0.44","5.0.45","5.0.46","5.0.47","5.0.48","5.0.49","5.0.5","5.0.50","5.0.51","5.0.52","5.0.53","5.0.54","5.0.55","5.0.56","5.0.57","5.0.58","5.0.59","5.0.6","5.0.60","5.0.61","5.0.62","5.0.63","5.0.7","5.0.8","5.0.9","5.2.0","5.2.1","5.2.10","5.2.11","5.2.12","5.2.13","5.2.14","5.2.15","5.2.16","5.2.17","5.2.18","5.2.19","5.2.2","5.2.20","5.2.3","5.2.4","5.2.5","5.2.6","5.2.7","5.2.8","5.2.9","5.4.0","5.4.1","5.4.10","5.4.11","5.4.12","5.4.13","5.4.14","5.4.15","5.4.16","5.4.17","5.4.18","5.4.19","5.4.2","5.4.20","5.4.3","5.4.4","5.4.5","5.4.6","5.4.7","5.4.8","5.4.9","5.6.0","5.6.1","5.6.10","5.6.11","5.6.12","5.6.13","5.6.14","5.6.15","5.6.16","5.6.17","5.6.2","5.6.3","5.6.4","5.6.5","5.6.6","5.6.7","5.6.8","5.6.9","5.8.0","5.8.1","5.8.10","5.8.11","5.8.12","5.8.13","5.8.14","5.8.15","5.8.16","5.8.2","5.8.3","5.8.4","5.8.5","5.8.6","5.8.7","5.8.8","5.8.9","6.0.0","6.0.1","6.0.10","6.0.11","6.0.12","6.0.13","6.0.14","6.0.15","6.0.16","6.0.17","6.0.18","6.0.19","6.0.2","6.0.20","6.0.21","6.0.22","6.0.23","6.0.24","6.0.25","6.0.26","6.0.27","6.0.28","6.0.29","6.0.3","6.0.30","6.0.31","6.0.32","6.0.33","6.0.34","6.0.35","6.0.36","6.0.37","6.0.38","6.0.39","6.0.4","6.0.40","6.0.41","6.0.42","6.0.43","6.0.44","6.0.45","6.0.46","6.0.47","6.0.48","6.0.49","6.0.5","6.0.50","6.0.51","6.0.52","6.0.53","6.0.54","6.0.55","6.0.56","6.0.57","6.0.58","6.0.59","6.0.6","6.0.60","6.0.61","6.0.62","6.0.63","6.0.64","6.0.65","6.0.66","6.0.67","6.0.68","6.0.69","6.0.7","6.0.8","6.0.9"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-jqfc-9q34-prhg/GHSA-jqfc-9q34-prhg.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}