GHSA-p3p5-xrmv-4j6x

Source

https://github.com/advisories/GHSA-p3p5-xrmv-4j6x

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/11/GHSA-p3p5-xrmv-4j6x/GHSA-p3p5-xrmv-4j6x.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-p3p5-xrmv-4j6x

Aliases

CVE-2025-66423

Published

2025-11-30T03:30:26Z

Modified

2025-12-02T01:29:39.044697Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVSS Calculator

Summary

trytond does not enforce access rights for the route of the HTML editor.

Details

Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

Database specific

{
    "nvd_published_at": "2025-11-30T03:15:48Z",
    "github_reviewed": true,
    "github_reviewed_at": "2025-12-02T00:30:31Z",
    "severity": "HIGH",
    "cwe_ids": [
        "CWE-863"
    ]
}

References

Affected packages

PyPI / trytond

Package

Name: trytond; View open source insights on deps.dev
Purl: pkg:pypi/trytond

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.5.0

Fixed

7.6.11

Affected versions

7.*

7.6.0

7.6.1

7.6.2

7.6.3

7.6.4

7.6.5

7.6.6

7.6.7

7.6.8

7.6.9

7.6.10

PyPI / trytond

Package

Name: trytond; View open source insights on deps.dev
Purl: pkg:pypi/trytond

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.1.0

Fixed

7.4.21

Affected versions

7.*

7.2.0

7.2.1

7.2.2

7.2.3

7.2.4

7.2.5

7.2.6

7.2.7

7.2.8

7.2.9

7.2.10

7.2.11

7.2.12

7.2.13

7.2.14

7.2.15

7.2.16

7.2.17

7.2.18

7.2.19

7.2.20

7.2.21

7.2.22

7.2.23

7.4.0

7.4.1

7.4.2

7.4.3

7.4.4

7.4.5

7.4.6

7.4.7

7.4.8

7.4.9

7.4.10

7.4.11

7.4.12

7.4.13

7.4.14

7.4.15

7.4.16

7.4.17

7.4.18

7.4.19

7.4.20

PyPI / trytond

Package

Name: trytond; View open source insights on deps.dev
Purl: pkg:pypi/trytond

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0.0

Fixed

7.0.40

Affected versions

7.*

7.0.0

7.0.1

7.0.2

7.0.3

7.0.4

7.0.5

7.0.6

7.0.7

7.0.8

7.0.9

7.0.10

7.0.11

7.0.12

7.0.13

7.0.14

7.0.15

7.0.16

7.0.17

7.0.18

7.0.19

7.0.20

7.0.21

7.0.22

7.0.23

7.0.24

7.0.25

7.0.26

7.0.27

7.0.28

7.0.29

7.0.30

7.0.31

7.0.32

7.0.33

7.0.34

7.0.35

7.0.36

7.0.37

7.0.38

7.0.39

PyPI / trytond

Package

Name: trytond; View open source insights on deps.dev
Purl: pkg:pypi/trytond

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.0.0

Fixed

6.0.70

Affected versions

6.*

6.0.0

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.0.6

6.0.7

6.0.8

6.0.9

6.0.10

6.0.11

6.0.12

6.0.13

6.0.14

6.0.15

6.0.16

6.0.17

6.0.18

6.0.19

6.0.20

6.0.21

6.0.22

6.0.23

6.0.24

6.0.25

6.0.26

6.0.27

6.0.28

6.0.29

6.0.30

6.0.31

6.0.32

6.0.33

6.0.34

6.0.35

6.0.36

6.0.37

6.0.38

6.0.39

6.0.40

6.0.41

6.0.42

6.0.43

6.0.44

6.0.45

6.0.46

6.0.47

6.0.48

6.0.49

6.0.50

6.0.51

6.0.52

6.0.53

6.0.54

6.0.55

6.0.56

6.0.57

6.0.58

6.0.59

6.0.60

6.0.61

6.0.62

6.0.63

6.0.64

6.0.65

6.0.66

6.0.67

6.0.68

6.0.69