CVE-2025-66420: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Tryton sao
Tryton sao (aka tryton-sao) before 7.6.9 allows XSS via an HTML attachment. This is fixed in 7.6.9, 7.4.19, 7.0.38, and 6.0.67.
AI Analysis
Technical Summary
CVE-2025-66420 is a cross-site scripting (XSS) vulnerability, classified under CWE-79, in Tryton sao, the open-source web client for the Tryton ERP system. Affected releases are those before the fixed versions 7.6.9, 7.4.19, 7.0.38 and 6.0.67; in them an attacker can inject a malicious script through an HTML attachment, and the improper neutralization of that attachment during web page generation causes the script to execute in the context of the victim's browser. Exploitation requires low privileges (PR:L) and user interaction (UI:R), such as convincing a user to open the crafted HTML attachment; the attack vector is network-based (AV:N) and the attack complexity is low (AC:L). The vulnerability impacts confidentiality and integrity but does not affect availability. The scope is changed (S:C): the injected script runs in the user's browser, a different security authority from the vulnerable component, so the impact reaches resources beyond the initially vulnerable component. The issue is fixed in Tryton sao versions 7.6.9, 7.4.19, 7.0.38, and 6.0.67. No public exploits have been reported, but the presence of this vulnerability in multiple supported versions indicates a significant risk if left unpatched. It highlights the importance of proper input sanitization and secure handling of HTML content in web applications, especially those integrated with ERP systems that manage sensitive business data.
Potential Impact
For European organizations, the exploitation of this XSS vulnerability could lead to unauthorized disclosure of sensitive information, session hijacking, or manipulation of data integrity within the Tryton ERP environment. Since Tryton is used by various enterprises for resource planning and management, attackers could leverage this vulnerability to gain footholds for further attacks, including phishing or lateral movement. The confidentiality impact could expose business-critical data, while integrity impacts could result in unauthorized data modifications. Although availability is not directly affected, the indirect consequences of data breaches or compromised user accounts could disrupt business operations. Organizations in Europe relying on Tryton sao for ERP functions should consider this vulnerability a significant risk, particularly in sectors handling sensitive financial or personal data, such as finance, manufacturing, and public administration.
Mitigation Recommendations
The primary mitigation is to upgrade Tryton sao to one of the fixed versions: 7.6.9, 7.4.19, 7.0.38, or 6.0.67. Organizations should prioritize patching systems to eliminate the vulnerability. Additionally, implement strict input validation and sanitization on all user-supplied content, especially HTML attachments, to prevent script injection. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. Conduct user awareness training to reduce the risk of social engineering attacks that rely on user interaction. Monitor web application logs for suspicious activity related to HTML attachments and script execution. Where possible, isolate Tryton sao instances and restrict network access to trusted users to minimize exposure. Regularly review and update security configurations and perform penetration testing focused on XSS vulnerabilities to ensure ongoing protection.
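As an added example (not Tryton's own code, and not how sao fixed this issue) of the attachment handling the recommendations above call for: a Node.js helper that decides the response headers for a user-uploaded attachment so that an HTML file is never rendered as a same-origin page, and that flags active content types for the log monitoring suggested above. The MIME allowlist, header values and function names are assumptions for illustration.

```javascript
// Added example, not part of Tryton sao. Assumption: the filename and the
// declared MIME type both come from the uploader and are untrusted.

// Types a browser would execute or actively render if served inline.
const ACTIVE_TYPES = new Set([
  "text/html", "application/xhtml+xml", "image/svg+xml", "text/xml",
  "application/xml", "application/javascript", "text/javascript",
]);

// Conservative allowlist of types that may be shown inline (PDF is
// deliberately excluded here because it can carry scripts; loosen on purpose).
const INLINE_OK = new Set(["image/png", "image/jpeg", "image/gif", "text/plain"]);

// Normalise "Text/HTML; charset=utf-8" -> "text/html".
function baseMime(declared) {
  return String(declared || "").split(";")[0].trim().toLowerCase();
}

// Build a Content-Disposition value that cannot inject header lines or break
// out of the quoted string (RFC 6266): ASCII fallback plus RFC 5987 full name.
function contentDisposition(filename, disposition) {
  const ascii = String(filename)
    .replace(/[^\x20-\x7e]/g, "_")   // drops CR/LF and non-ASCII
    .replace(/["\\]/g, "_") || "attachment";
  const encoded = encodeURIComponent(String(filename))
    .replace(/['()*]/g, (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
  return `${disposition}; filename="${ascii}"; filename*=UTF-8''${encoded}`;
}

// Decide how one attachment is served. Anything not on the inline allowlist is
// forced to download as an opaque byte stream; nosniff stops the browser from
// re-typing it, and a sandbox CSP covers any inline case that slips through.
function attachmentHeaders(filename, declaredType) {
  const mime = baseMime(declaredType);
  const inline = INLINE_OK.has(mime);
  return {
    flagged: ACTIVE_TYPES.has(mime),   // worth logging: active content uploaded
    headers: {
      "Content-Type": inline ? mime : "application/octet-stream",
      "Content-Disposition": contentDisposition(filename, inline ? "inline" : "attachment"),
      "X-Content-Type-Options": "nosniff",
      "Content-Security-Policy": "sandbox; default-src 'none'",
      "Cache-Control": "private, no-store",
    },
  };
}

console.log(attachmentHeaders("report.html", "text/html; charset=utf-8"));
```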
Affected Countries
France, Germany, United Kingdom, Netherlands, Belgium, Spain, Italy
Technical Details
Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-11-30T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED
Threat ID: 692bb1a5b00568eef0c40034
Added to database: 11/30/2025, 2:53:25 AM
Last enriched: 12/7/2025, 4:29:24 AM
Last updated: 1/19/2026, 5:53:35 AM