Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/tryton-server@6.0.29-2%2Bdeb12u4

Type deb

Namespace debian

Name tryton-server

Version 6.0.29-2+deb12u4

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-aa7x-ejc8-7bfz

vulnerability_id VCID-aa7x-ejc8-7bfz

summary

trytond does not enforce access rights for data export
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-66424

reference_id

reference_type

scores

value	0.00038
scoring_system	epss
scoring_elements	0.11757
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-66424

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66424
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66424

reference_url

https://discuss.tryton.org/t/security-release-for-issue-14366/8953

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T13:33:40Z/

url

https://discuss.tryton.org/t/security-release-for-issue-14366/8953

reference_url

https://foss.heptapod.net/tryton/tryton/-/issues/14366

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T13:33:40Z/

url

https://foss.heptapod.net/tryton/tryton/-/issues/14366

reference_url

https://github.com/tryton/trytond

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/tryton/trytond

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121243
reference_id	1121243
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121243

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-66424

reference_id

CVE-2025-66424

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-66424

reference_url

https://github.com/advisories/GHSA-2w93-qwpp-vgvj

reference_id

GHSA-2w93-qwpp-vgvj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2w93-qwpp-vgvj

fixed_packages

url	pkg:deb/debian/tryton-server@6.0.29-2%2Bdeb12u4
purl	pkg:deb/debian/tryton-server@6.0.29-2%2Bdeb12u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tryton-server@6.0.29-2%252Bdeb12u4

aliases CVE-2025-66424, GHSA-2w93-qwpp-vgvj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aa7x-ejc8-7bfz

url VCID-q985-c71n-9bb9

vulnerability_id VCID-q985-c71n-9bb9

summary

trytond allows remote attackers to obtain sensitive trace-back (server setup) information
Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-66422

reference_id

reference_type

scores

value	0.00054
scoring_system	epss
scoring_elements	0.17359
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-66422

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66422
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66422

reference_url

https://discuss.tryton.org/t/security-release-for-issue-14354/8950

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T13:33:24Z/

url

https://discuss.tryton.org/t/security-release-for-issue-14354/8950

reference_url

https://foss.heptapod.net/tryton/tryton/-/issues/14354

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-01T13:33:24Z/

url

https://foss.heptapod.net/tryton/tryton/-/issues/14354

reference_url

https://github.com/tryton/trytond

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/tryton/trytond

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121242
reference_id	1121242
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121242

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-66422

reference_id

CVE-2025-66422

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-66422

reference_url

https://github.com/advisories/GHSA-jqfc-9q34-prhg

reference_id

GHSA-jqfc-9q34-prhg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jqfc-9q34-prhg

fixed_packages

url	pkg:deb/debian/tryton-server@6.0.29-2%2Bdeb12u4
purl	pkg:deb/debian/tryton-server@6.0.29-2%2Bdeb12u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tryton-server@6.0.29-2%252Bdeb12u4

aliases CVE-2025-66422, GHSA-jqfc-9q34-prhg

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q985-c71n-9bb9

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/tryton-server@6.0.29-2%252Bdeb12u4

Package Instance