{
  "affected": [
    {
      "database_specific": {
        "unresolved_ranges": [
          {
            "events": [
              {
                "introduced": "6.0.0"
              },
              {
                "fixed": "6.0.70"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "7.0.0"
              },
              {
                "fixed": "7.0.40"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "7.4.0"
              },
              {
                "fixed": "7.4.21"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "7.6.0"
              },
              {
                "fixed": "7.6.11"
              }
            ]
          },
          {
            "events": [
              {
                "introduced": "6.0"
              },
              {
                "fixed": "7.6.11"
              }
            ]
          }
        ]
      }
    }
  ],
  "details": "Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.",
  "id": "CVE-2025-66424",
  "modified": "2026-03-15T21:49:36.693553600Z",
  "published": "2025-11-30T03:15:48.360Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://foss.heptapod.net/tryton/tryton/-/issues/14366"
    },
    {
      "type": "REPORT",
      "url": "https://discuss.tryton.org/t/security-release-for-issue-14366/8953"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}