CVE-2025-66435 | Frappe ERPNext up to 15.89.0 Jinja2 Template render_template contract_terms special elements used in a template engine

Inserito da Angelo Barbosa | Dic 15, 2025 | CVE

A vulnerability was found in Frappe ERPNext up to 15.89.0. It has been rated as critical. This issue affects the function render_template of the component Jinja2 Template Handler. Performing manipulation of the argument contract_terms results in improper neutralization of special elements used in a template engine.

This vulnerability was named CVE-2025-66435. The attack may be initiated remotely. There is no available exploit.

CVE-2025-66435 | Frappe ERPNext up to 15.89.0 Jinja2 Template render_template contract_terms special elements used in a template engine

Post correlati

CVE-2024-48540 | XIAO HE Smart 4.3.1 information disclosure

CVE-2023-48387 | TAIWAN-CA JCICSecurityTool 4.2.3.32 cross site scripting

CVE-2024-2180 | Zemana AntiLogger 2.74.204.664 IOCTL Code zam64.sys information disclosure

CVE-2024-5280 | WP-FeedStats wp-affiliate-platform Plugin up to 6.5.0 on WordPress cross-site request forgery