CVE-2025-66435 | Frappe ERPNext up to 15.89.0 Jinja2 Template render_template contract_terms special elements used in a template engine
A vulnerability was found in Frappe ERPNext up to 15.89.0. It has been rated as critical. This issue affects the function render_template of the component Jinja2 Template Handler. Manipulating the argument contract_terms leads to improper neutralization of special elements used in a template engine.
This vulnerability was named CVE-2025-66435. The attack may be initiated remotely. There is no available exploit.