CVE-2025-66422

4.3 MEDIUM

📋 TL;DR

This vulnerability in Tryton's trytond server allows remote attackers to obtain sensitive traceback information that reveals server setup details. It affects all Tryton installations running vulnerable versions of trytond. Attackers can use it to gather reconnaissance data about the server configuration.

💻 Affected Systems

Products:
  • Tryton trytond
Versions: All versions before 7.6.11, 7.4.21, 7.0.40, and 6.0.70
Operating Systems: All platforms running Tryton
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all Tryton deployments with vulnerable versions exposed to network access.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers obtain detailed server configuration, file paths, and internal structure information that could facilitate further attacks or targeted exploitation.

🟠 Likely Case

Information disclosure revealing server paths, module versions, and internal error handling details that aids reconnaissance.

🟢 If Mitigated

Limited information disclosure with proper error handling and logging controls in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Information disclosure vulnerability requiring network access to trytond service.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.6.11, 7.4.21, 7.0.40, or 6.0.70 depending on your branch

Vendor Advisory: https://discuss.tryton.org/t/security-release-for-issue-14354/8950

Restart Required: Yes

Instructions:

1. Identify your Tryton version.
2. Update to the appropriate patched version using your package manager or pip.
3. Restart the trytond service.
4. Verify the update was successful.

🔧 Temporary Workarounds

Disable detailed error responses (applies to: all platforms)

Configure trytond to return generic error messages instead of detailed tracebacks, using the error handling settings in trytond.conf.

Network segmentation (applies to: all platforms)

Restrict access to the trytond service to trusted networks only, using firewall rules to limit access to the trytond port.

🧯 If You Can't Patch

  • Implement network controls to restrict access to trytond service
  • Configure application-level error handling to suppress detailed tracebacks

🔍 How to Verify

Check if Vulnerable:

Check trytond version with: trytond --version or pip show trytond

Check Version:

trytond --version

Verify Fix Applied:

Verify that the installed version is at least the fixed release for your branch: 7.6.11 (7.6.x), 7.4.21 (7.4.x), 7.0.40 (7.0.x), or 6.0.70 (6.0.x), or higher.
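The version check above, as an added example (not part of the advisory or of Tryton itself): it compares the installed trytond release against the branch-specific fixed versions listed on this page. Branches the advisory does not name (for example 7.2.x) are reported as unlisted rather than assumed fixed.

```python
"""Check a trytond version against the CVE-2025-66422 fixed releases."""
from importlib.metadata import PackageNotFoundError, version as installed_version

# First non-vulnerable release of each branch, taken from the advisory.
FIXED_VERSIONS = {
    (7, 6): (7, 6, 11),
    (7, 4): (7, 4, 21),
    (7, 0): (7, 0, 40),
    (6, 0): (6, 0, 70),
}


def parse_version(text):
    """Turn '7.6.3' into (7, 6, 3); a trailing non-numeric suffix is ignored."""
    parts = []
    for piece in text.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def assess(version_text):
    """Return 'fixed', 'vulnerable' or 'unlisted branch' for a version string."""
    v = parse_version(version_text)
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        return "unlisted branch"
    return "fixed" if v >= fixed else "vulnerable"


def assess_installed():
    """Look up the trytond package installed in this interpreter and assess it."""
    try:
        text = installed_version("trytond")
    except PackageNotFoundError:
        return None, "trytond not installed"
    return text, assess(text)


if __name__ == "__main__":
    print(assess_installed())
```

Run it with the same Python interpreter that runs trytond, since it inspects the package metadata of the current environment.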

📡 Detection & Monitoring

Log Indicators:

  • Unusual error responses containing traceback information
  • Multiple error requests from single sources

Network Indicators:

  • HTTP requests to trytond endpoints resulting in detailed error responses

SIEM Query:

source="trytond" AND "traceback" AND "File"
