CVE-2025-66424: CWE-863 Incorrect Authorization in Tryton trytond
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
AI Analysis
Technical Summary
CVE-2025-66424 identifies an incorrect authorization vulnerability (CWE-863) in the Tryton ERP system's trytond server component. Specifically, versions 6.0.0 through 7.5.0 do not properly enforce access rights when users attempt to export data. This means that users with limited privileges can bypass intended restrictions and export data they should not have access to, leading to unauthorized data disclosure. The vulnerability is exploitable remotely over the network without requiring user interaction, but it does require the attacker to have some level of privileges (PR:L). The CVSS 3.1 base score is 6.5, reflecting a medium severity with high confidentiality impact, no integrity or availability impact, and low attack complexity. The flaw was addressed in subsequent releases: 7.6.11, 7.4.21, 7.0.40, and 6.0.70, which enforce proper access control checks on data export operations. No known exploits are currently reported in the wild, but the vulnerability poses a risk of sensitive data leakage if left unpatched. Tryton is an open-source ERP widely used in various sectors, and the trytond server is the core backend service managing business logic and data access. This vulnerability undermines the fundamental security principle of least privilege by allowing unauthorized data export.
Potential Impact
For European organizations using Tryton ERP, this vulnerability can lead to unauthorized disclosure of sensitive business data, including financial records, personnel information, or proprietary operational data. Such data leaks could result in regulatory non-compliance, especially under GDPR, leading to legal penalties and reputational damage. The medium severity score reflects that, while the vulnerability does not affect data integrity or system availability, the confidentiality breach alone can have significant consequences. Attackers with limited privileges, such as lower-level employees or compromised accounts, could exploit this flaw to exfiltrate data without detection. This risk is particularly acute for organizations handling sensitive or regulated data. Additionally, because exploitation requires no user interaction and the service is reachable over the network, the attack surface is broader. The absence of known exploits suggests a window of opportunity for defenders to patch before active exploitation occurs.
Mitigation Recommendations
The primary mitigation is to upgrade all affected Tryton trytond instances to the fixed versions: 7.6.11, 7.4.21, 7.0.40, or 6.0.70, depending on the version branch in use. Organizations should conduct an inventory to identify all Tryton deployments and verify their versions. Until patches are applied, restrict network access to the trytond service to trusted internal networks and enforce strict authentication and authorization policies. Review and tighten export permissions to ensure only authorized roles can perform data exports. Implement monitoring and alerting on unusual export activity to detect potential exploitation attempts. Additionally, conduct security audits and penetration testing focused on access control mechanisms within Tryton. Educate users about the risk of privilege misuse and enforce the principle of least privilege to minimize exposure. Finally, maintain up-to-date backups and incident response plans in case of data compromise.
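The inventory step above (find every trytond deployment and decide whether its version needs the fix) is easy to get wrong by hand because four separate branches received fixes. The following Python is an added example, not code from the advisory or from the Tryton project: it encodes the affected range "6.0 before 7.6.11" and the four fixed releases listed on this page, and flags each host in a constructed inventory. The treatment of branches between 6.0 and 7.6 for which the advisory lists no fixed release (for example a 7.2.x install) as affected, and the suggestion to move such hosts to 7.6.11, are assumptions made here, not statements from the advisory.

```python
"""Triage trytond versions against CVE-2025-66424.

Range and fixed releases are taken from the advisory text:
  affected: trytond 6.0 up to, but not including, 7.6.11
  fixed:    7.6.11, 7.4.21, 7.0.40, 6.0.70
Assumption (not from the advisory): a branch inside that range with no
fixed release listed is treated as affected, and 7.6.11 is suggested.
"""
from __future__ import annotations

import re

# Fixed patch level per (major, minor) branch, from the advisory.
FIXED_RELEASES: dict[tuple[int, int], int] = {
    (7, 6): 11,
    (7, 4): 21,
    (7, 0): 40,
    (6, 0): 70,
}
FIRST_AFFECTED = (6, 0, 0)
FIRST_FIXED_ON_LATEST_BRANCH = (7, 6, 11)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse 'major.minor[.patch]' into a comparable tuple; missing patch is 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised trytond version: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_affected(version: str) -> bool:
    """True if this trytond version lacks the CVE-2025-66424 fix."""
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return False  # 5.x and older are outside the advisory's stated range
    if v >= FIRST_FIXED_ON_LATEST_BRANCH:
        return False  # at or past 7.6.11: fixed
    fixed_patch = FIXED_RELEASES.get(v[:2])
    if fixed_patch is None:
        return True  # assumption: branch with no listed fix is still affected
    return v[2] < fixed_patch


def recommended_upgrade(version: str) -> str:
    """Smallest fixed release on the host's own branch, or 7.6.11 if none is listed."""
    major, minor, _ = parse_version(version)
    fixed_patch = FIXED_RELEASES.get((major, minor))
    if fixed_patch is not None:
        return f"{major}.{minor}.{fixed_patch}"
    return "7.6.11"  # assumption: no fix listed for this branch


def triage(inventory: dict[str, str]) -> dict[str, str]:
    """Map hostname -> version into hostname -> target version for affected hosts only."""
    return {
        host: recommended_upgrade(ver)
        for host, ver in inventory.items()
        if is_affected(ver)
    }


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "erp-prod-01": "7.6.4",
        "erp-prod-02": "7.6.11",
        "erp-legacy": "6.0.55",
        "erp-test": "7.2.3",
        "erp-archive": "5.8.9",
    }
    for host, target in triage(sample).items():
        print(f"{host}: affected, upgrade to {target}")
```

Feed `triage()` whatever your deployment inventory produces (for example the output of `trytond --version` collected per host); only hosts that still need the fix come back, each with the release to move to.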
Affected Countries
France, Spain, Germany, Italy, Belgium, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-30T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 692bb1a5b00568eef0c40044
Added to database: 11/30/2025, 2:53:25 AM
Last enriched: 11/30/2025, 3:08:32 AM
Last updated: 11/30/2025, 7:14:36 AM