CVE-2025-66422: CWE-402 Transmission of Private Resources into a New Sphere ('Resource Leak') in Tryton trytond
Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
AI Analysis
Technical Summary
CVE-2025-66422 is a vulnerability in the trytond server component of the Tryton ERP system, affecting versions prior to 7.6.11, 7.4.21, 7.0.40, and 6.0.70. The issue is classified under CWE-402, transmission of private resources into a new sphere, commonly known as a resource leak. Specifically, the vulnerability allows remote attackers with low privileges to obtain sensitive trace-back information about the server setup. Such trace-back output can include detailed error messages, stack traces, or configuration details that are not intended for exposure. This information disclosure can aid attackers in reconnaissance, helping them understand the server environment and potentially identify further vulnerabilities or misconfigurations. The vulnerability is exploitable over the network without user interaction, but it requires low privileges (PR:L) to trigger. The CVSS v3.1 base score is 4.3 (medium severity), with the vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N: network attack vector, low attack complexity, low privileges required, no user interaction, unchanged scope, and an impact on confidentiality only. There are no known exploits in the wild at the time of publication. The vulnerability has been addressed in the patched versions listed above, and users are advised to upgrade to prevent the information leakage.
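The following is an added illustration of the defect class described above, not code from trytond or the Tryton project. It contrasts an RPC error handler that returns the formatted traceback to the caller (the CWE-402 pattern: an internal resource crossing into the client's sphere) with a hardened handler that keeps the traceback in the server log and hands the client only an opaque incident id. All function names, the record lookup and the configuration path are hypothetical, constructed for the example.

```python
"""
Added example (not trytond's code): a traceback-leaking RPC error handler
beside a hardened one, plus a check that flags leaked server detail.
Every name and value below is hypothetical.
"""
import logging
import traceback
import uuid

log = logging.getLogger("rpc")


def lookup_record(record_id: int) -> dict:
    """Hypothetical backend call that fails on bad input, as a real one would.

    The constructed config path stands in for the 'server setup' detail
    that must never reach a client.
    """
    config_path = "/etc/trytond-example.conf"  # constructed placeholder
    if record_id < 0:
        raise KeyError(f"record {record_id} not found (config: {config_path})")
    return {"id": record_id}


def handle_leaky(record_id: int) -> dict:
    """Vulnerable pattern: the formatted traceback becomes the error payload."""
    try:
        return {"result": lookup_record(record_id)}
    except Exception:
        # Stack frames, source file paths and the exception message all leak.
        return {"error": traceback.format_exc()}


def handle_hardened(record_id: int) -> dict:
    """Hardened pattern: opaque error to the client, full detail in the log."""
    try:
        return {"result": lookup_record(record_id)}
    except Exception:
        incident = uuid.uuid4().hex
        # The traceback is recorded server-side only, keyed by the incident id
        # so an operator can correlate a client report with the log entry.
        log.exception("rpc failure incident=%s", incident)
        return {"error": "internal error", "incident": incident}


def leaks_server_detail(response: dict) -> bool:
    """Flag a response body that carries markers typical of a Python traceback."""
    body = str(response.get("error", ""))
    markers = ("Traceback (most recent call last)", 'File "', ".conf")
    return any(marker in body for marker in markers)


if __name__ == "__main__":
    print("leaky handler leaks:", leaks_server_detail(handle_leaky(-1)))
    print("hardened handler leaks:", leaks_server_detail(handle_hardened(-1)))
```

The `leaks_server_detail` check is the kind of assertion a response-level test or a reverse proxy rule can apply to catch a regression where an exception handler starts echoing internal state again.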
Potential Impact
For European organizations using Tryton ERP, this vulnerability poses a risk of sensitive information disclosure that could facilitate further targeted attacks. Although it does not directly impact data integrity or system availability, the leakage of server trace-back details can provide attackers with insights into the internal workings and configurations of the trytond server. This can increase the likelihood of successful exploitation of other vulnerabilities or unauthorized access attempts. Organizations handling sensitive business data or operating in regulated sectors such as finance, healthcare, or government may face compliance risks if such information leakage leads to broader security incidents. The medium severity rating reflects a moderate risk level, but the ease of remote exploitation and the potential for information gathering make timely remediation important. The absence of known exploits reduces immediate risk but should not lead to complacency.
Mitigation Recommendations
1. Upgrade all affected Tryton trytond instances to the fixed versions 7.6.11, 7.4.21, 7.0.40, or 6.0.70 as soon as possible.
2. Restrict network access to the trytond service to trusted IP addresses and internal networks only, minimizing exposure to potential attackers.
3. Implement robust authentication and authorization controls to limit the privileges required to access trytond services, reducing the risk of exploitation.
4. Monitor server logs for unusual access patterns or error messages that could indicate attempts to exploit this vulnerability.
5. Conduct regular security assessments and penetration testing focused on ERP systems to identify and remediate similar information disclosure issues.
6. Educate system administrators about the risks of information leakage and the importance of applying vendor patches promptly.
7. Consider deploying web application firewalls or intrusion detection systems that can detect and block attempts to access sensitive error information.
Affected Countries
France, Germany, United Kingdom, Netherlands, Belgium, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-30T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 692bb1a5b00568eef0c4003c
Added to database: 11/30/2025, 2:53:25 AM
Last enriched: 11/30/2025, 3:08:41 AM
Last updated: 12/4/2025, 8:00:19 PM