Any authenticated user can run arbitrary commands on the server with the permissions of the trytond user.
There is no workaround.
All users should upgrade trytond to the latest version of the used series.
- issue4155 https://bugs.tryton.org/issue4155
- CVE-2014-6633 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6633
Any security concerns should be reported on the bug-tracker at https://bugs.tryton.org/ with the type security.