MEDIUM 4.3

GHSA-jqfc-9q34-prhg

trytond allows remote attackers to obtain sensitive trace-back (server setup) information

Details

Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / trytond

Introduced in: 7.5.0 Fixed in: 7.6.11

Fix pip install --upgrade 'trytond>=7.6.11'

PyPI / trytond

Introduced in: 7.1.0 Fixed in: 7.4.21

Fix pip install --upgrade 'trytond>=7.4.21'

PyPI / trytond

Introduced in: 7.0.0 Fixed in: 7.0.40

Fix pip install --upgrade 'trytond>=7.0.40'

PyPI / trytond

Introduced in: 0 Fixed in: 6.0.70

Fix pip install --upgrade 'trytond>=6.0.70'

References

https://nvd.nist.gov/vuln/detail/CVE-2025-66422 [ADVISORY]
https://discuss.tryton.org/t/security-release-for-issue-14354/8950 [WEB]
https://foss.heptapod.net/tryton/tryton/-/issues/14354 [WEB]
https://github.com/tryton/trytond [PACKAGE]