A high-severity vulnerability has been identified in multiple Tryton products, specifically affecting the trytond 6 server component. This flaw could allow an authenticated attacker with low-level privileges to access and exfiltrate sensitive information from the underlying database. Successful exploitation could lead to a significant data breach, compromising confidential business, customer, or financial data.

The vulnerability is an authenticated SQL injection flaw within the trytond server's data processing module. An attacker with valid, low-privilege user credentials can send a specially crafted request to a specific API endpoint. Due to improper input sanitization, this malicious request can inject and execute arbitrary SQL commands, allowing the attacker to bypass access controls and directly query the application's database, leading to unauthorized disclosure of sensitive information.

This vulnerability is rated as High severity with a CVSS score of 7.1. Exploitation could have a significant negative impact on the business by enabling unauthorized access to critical and confidential data stored within the ERP system. Potential consequences include the theft of customer personal identifiable information (PII), financial records, intellectual property, or other proprietary business data. Such a data breach could result in severe reputational damage, regulatory fines (e.g., under GDPR), and financial loss.

Immediate Action: The primary remediation is to apply the security updates provided by the vendor across all affected systems immediately. Prioritize patching for internet-facing instances of Tryton. After patching, it is critical to monitor for any signs of post-patch exploitation attempts and review historical access and database logs for indicators of compromise.

Proactive Monitoring: Implement enhanced monitoring on Tryton application servers and backend databases. Security teams should look for unusual or malformed SQL queries in database logs, an increase in API errors, or access patterns from low-privileged users targeting sensitive data models. Monitor network traffic for any signs of large or unusual data exfiltration.

Compensating Controls: If immediate patching is not feasible, implement compensating controls to reduce the risk. Deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block SQL injection attacks. Additionally, review and enforce the principle of least privilege, restricting user access to only the data and functions essential for their roles, which may limit the scope of a potential compromise.

Public Exploit Available: false

Given the high severity rating (CVSS 7.1) and the potential for a significant data breach, we strongly recommend that organizations apply the vendor-supplied security patches to all affected Tryton installations as an urgent priority. Although this vulnerability is not currently listed on the CISA KEV catalog, its characteristics make it an attractive target for attackers. If patching is delayed, the compensating controls outlined above should be implemented immediately to mitigate the risk of exploitation.