CVE-2025-66423 is an authorization bypass vulnerability classified under CWE-863, affecting the Tryton ERP system's trytond server component. Specifically, versions 6.0.0 through 7.5.0 fail to properly enforce access control on the route serving the HTML editor functionality. This flaw allows users with low privileges to access or manipulate data or features that should be restricted, leading to unauthorized disclosure of sensitive information. The vulnerability is remotely exploitable over the network without requiring user interaction, but it does require the attacker to have some level of authenticated access (low privilege). The CVSS v3.1 score of 7.1 reflects a high severity due to the high impact on confidentiality, limited impact on integrity, and no impact on availability. The vulnerability has been addressed in subsequent patch releases (7.6.11, 7.4.21, 7.0.40, and 6.0.70), which enforce proper access rights on the affected route. Although no active exploits have been reported, the flaw presents a significant risk to organizations relying on Tryton for enterprise resource planning, as unauthorized access to the HTML editor could lead to data leaks or further exploitation.

For European organizations, this vulnerability poses a significant risk to the confidentiality of sensitive business data managed within Tryton ERP systems. Unauthorized access to the HTML editor route could allow attackers to view or extract confidential information, potentially exposing financial, operational, or personal data. This could lead to regulatory non-compliance, especially under GDPR, resulting in legal and financial penalties. The integrity impact is limited but could facilitate further attacks if attackers leverage the unauthorized access to escalate privileges or manipulate data indirectly. Availability is not affected, so operational disruption is unlikely. Organizations in sectors such as manufacturing, finance, and public administration that use Tryton are particularly vulnerable. The lack of known exploits reduces immediate risk but does not eliminate the threat, as attackers may develop exploits given the vulnerability’s straightforward nature.

European organizations should immediately assess their Tryton trytond versions and prioritize upgrading to the fixed versions: 7.6.11, 7.4.21, 7.0.40, or 6.0.70. If immediate patching is not feasible, restrict network access to the trytond server, especially limiting access to the HTML editor route to trusted administrators only. Implement strict role-based access controls (RBAC) and audit logs to detect unauthorized access attempts. Conduct thorough reviews of user privileges to ensure no unnecessary low-privilege accounts can access sensitive routes. Employ network segmentation to isolate ERP systems from less secure network zones. Monitor for unusual activity on the HTML editor endpoint and related services. Finally, maintain up-to-date backups and incident response plans to mitigate potential data exposure consequences.