{
  "affected": [
    {
      "database_specific": {
        "unresolved_ranges": [
          {
            "events": [
              {
                "introduced": "6.0.0"
              },
              {
                "fixed": "6.0.70"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "7.0.0"
              },
              {
                "fixed": "7.0.40"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "7.4.0"
              },
              {
                "fixed": "7.4.21"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "7.6.0"
              },
              {
                "fixed": "7.6.11"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "0"
              },
              {
                "fixed": "7.6.11"
              }
            ]
          }
        ]
      }
    }
  ],
  "details": "Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.",
  "id": "CVE-2025-66422",
  "modified": "2026-03-10T21:47:34.662810945Z",
  "published": "2025-11-30T03:15:47.970Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://discuss.tryton.org/t/security-release-for-issue-14354/8950"
    },
    {
      "type": "REPORT",
      "url": "https://foss.heptapod.net/tryton/tryton/-/issues/14354"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}