CVE-2025-66437: n/a
Description
An SSTI (Server-Side Template Injection) vulnerability exists in the get_address_display method of Frappe ERPNext through 15.89.0. This function renders address templates using frappe.render_template() with a context derived from the address_dict parameter, which can be either a dictionary or a string referencing an Address document. Although ERPNext uses a custom Jinja2 SandboxedEnvironment, dangerous functions like frappe.db.sql remain accessible via get_safe_globals(). An authenticated attacker with permission to create or modify an Address Template can inject arbitrary Jinja expressions into the template field. By creating an Address document with a matching country, and then calling the get_address_display API with address_dict="address_name", the system will render the malicious template using attacker-controlled data. This leads to server-side code execution or database information disclosure.
AI Analysis
Technical Summary
CVE-2025-66437 is a Server-Side Template Injection (SSTI) flaw in the get_address_display method of Frappe ERPNext, affecting versions up to and including 15.89.0. Address templates are rendered with frappe.render_template(), and the rendering context is derived from the address_dict parameter, which may be either a dictionary or a string naming an Address document. ERPNext renders these templates in a custom Jinja2 SandboxedEnvironment, but the globals handed to that sandbox come from get_safe_globals(), which still exposes dangerous callables such as frappe.db.sql. The sandbox restricts unsafe Python attribute access; it does nothing to stop a template author from calling a database helper that was deliberately placed in scope. An authenticated user with permission to create or modify Address Templates can therefore put arbitrary Jinja expressions in the template field, create an Address whose country matches that template, and call the get_address_display API with address_dict set to that Address's name; the server then renders the malicious template with attacker-controlled data. The outcome is execution of attacker-chosen logic on the server and arbitrary database queries, affecting confidentiality, integrity and availability. Exploitation requires authentication and the template-editing privilege but no interaction from any other user. This analysis rates the flaw CVSS 8.8 (high); note that the CVE record metadata on this page lists no CVSS version, so treat that score as an assessment rather than a published vector from the assigner. No exploitation in the wild has been reported, but deployments that grant template editing broadly are at real risk given the ability to run attacker-chosen logic and read sensitive data.
Potential Impact
For European organizations, the impact of CVE-2025-66437 can be severe. ERPNext is widely used for managing enterprise resources, including financials, inventory, and customer data. Exploitation could lead to unauthorized data disclosure, including sensitive business and personal information, and allow attackers to execute arbitrary code on ERP servers, potentially leading to full system compromise. This could disrupt business operations, cause data breaches subject to GDPR penalties, and damage organizational reputation. The requirement for authenticated access with template editing permissions somewhat limits the attack surface but does not eliminate risk, especially in large organizations with many users or insufficient permission controls. Attackers could leverage this vulnerability to pivot within networks, escalate privileges, or implant persistent backdoors. The availability of ERP services could also be impacted by malicious code execution, causing downtime and operational losses. Given the critical role of ERP systems in European industries such as manufacturing, logistics, and public sector services, the threat is significant.
Mitigation Recommendations
To mitigate CVE-2025-66437, European organizations should first reduce who can write templates: in ERPNext's Role Permission Manager, review which roles hold create and write permission on the Address Template DocType, restrict them to trusted administrators, and review user privileges on a regular schedule. Audit every existing Address Template body. A legitimate template only references Address fields (address_line1, city, pincode, country and similar) with simple Jinja conditionals and filters, so any function call, any reference to frappe or db, any dunder attribute such as __class__ or __subclasses__, and any import, include or extends tag is a red flag; treat such a template as a possible indicator of compromise rather than something to silently clean up, and check who last modified it. Apply the fixed release from the Frappe/ERPNext project as soon as it is available; this record only states that versions through 15.89.0 are affected, so confirm the fixed version against the upstream advisory. Until then, consider restricting the Address Template feature or the get_address_display endpoint, bearing in mind that address templates are rendered wherever an address is displayed, so limiting that one API does not remove the rendering path. Monitor ERPNext hosts for anomalous API calls and unusual database queries, for example SELECTs against tabUser or other credential-bearing tables issued during address rendering, and segment the ERP network so that a compromised application server cannot reach unrelated systems. Train administrators to recognise unsafe template modifications. Application-layer firewalls or runtime application self-protection (RASP) tooling that flags SSTI payloads in request bodies can add a detection layer, but they do not replace the permission and template audits above. Keep tested backups of ERP data so that recovery is possible if exploitation is confirmed.
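As an added example serving both the technical analysis above and the template-audit step in these recommendations (this is not Frappe or ERPNext code), the following Python script scans exported Address Template bodies for the constructs this CVE relies on: names outside the Address field set, function calls, the frappe and db namespaces, dunder attributes, and template-loading tags. The Address field names are the standard Frappe Address DocType fields; the export format (dicts with name, country and template keys) and the sample records are assumptions constructed for illustration.

```python
"""Audit ERPNext Address Template bodies for SSTI indicators (CVE-2025-66437).

Added example, not Frappe or ERPNext code. It assumes Address Template records
have been exported as dicts with "name", "country" and "template" keys (for
example via the REST API or a fixture export); SAMPLE_RECORDS below are
constructed for illustration only.
"""
import re

# Standard fields of the Frappe Address DocType that a display template
# legitimately reads. Extend this set with custom fields on your site.
ADDRESS_FIELDS = {
    "name", "address_title", "address_type", "address_line1", "address_line2",
    "city", "county", "state", "pincode", "country", "phone", "fax", "email_id",
}

# Jinja keywords, literals, the translation helper `_` and the few filters an
# address template plausibly uses. Anything else inside a tag is reported.
JINJA_WORDS = {
    "if", "elif", "else", "endif", "for", "endfor", "in", "not", "and", "or",
    "is", "none", "true", "false", "loop", "_",
    "upper", "lower", "title", "trim", "default", "replace", "join", "safe",
}

TAG_RE = re.compile(r"{{(.*?)}}|{%(.*?)%}", re.S)   # {{ expr }} and {% stmt %}
STRING_RE = re.compile(r"'[^']*'|\"[^\"]*\"")         # string literals (ignored)
IDENT_RE = re.compile(r"(?<![\w.])[A-Za-z_]\w*")      # head of a dotted name
CALL_RE = re.compile(r"([A-Za-z_]\w*)\s*\(")          # anything that is invoked

# Indicators that a template reaches beyond the address context. frappe.db.sql
# is exactly the helper that get_safe_globals() leaves reachable in the sandbox.
DANGER_PATTERNS = [
    ("dunder", re.compile(r"__\w+__")),               # __class__, __mro__, __subclasses__
    ("frappe_ns", re.compile(r"\bfrappe\.")),          # frappe.db.sql, frappe.get_doc, ...
    ("db_access", re.compile(r"\bdb\.")),              # any db.* helper
    ("template_load", re.compile(r"\b(import|include|extends)\b")),
    ("attr_filter", re.compile(r"\|\s*attr\b")),       # attr filter hides dotted access
]


def scan_template(body: str) -> list[tuple[str, str]]:
    """Return (indicator, tag_expression) pairs for every suspicious Jinja tag.

    An empty list means every tag only reads Address fields with plain Jinja
    control flow and filters, which is all a display template should do.
    """
    findings = []
    for m in TAG_RE.finditer(body):
        expr = (m.group(1) if m.group(1) is not None else m.group(2)).strip()
        code = STRING_RE.sub("''", expr)  # literal contents are data, not code
        for label, pat in DANGER_PATTERNS:
            if pat.search(code):
                findings.append((label, expr))
        calls = sorted({c for c in CALL_RE.findall(code) if c != "_"})
        if calls:
            findings.append(("call:" + ",".join(calls), expr))
        unknown = sorted(set(IDENT_RE.findall(code)) - ADDRESS_FIELDS - JINJA_WORDS)
        if unknown:
            findings.append(("unknown_name:" + ",".join(unknown), expr))
    return findings


def audit_templates(records) -> dict[str, list[tuple[str, str]]]:
    """Map each flagged Address Template name to its findings; clean ones are omitted."""
    flagged = {}
    for rec in records:
        findings = scan_template(rec["template"])
        if findings:
            flagged[rec["name"]] = findings
    return flagged


# Constructed sample export: two benign templates, one that calls the exposed
# database helper, and one attempting a classic Jinja sandbox escape.
SAMPLE_RECORDS = [
    {"name": "Netherlands-Standard", "country": "Netherlands",
     "template": "{{ address_line1 }}<br>{% if address_line2 %}{{ address_line2 }}<br>{% endif %}"
                 "{{ pincode }} {{ city | upper }}<br>{{ country }}"},
    {"name": "France-Phone", "country": "France",
     "template": "{{ address_line1 }}<br>{{ pincode }} {{ city }}<br>"
                 "{% if phone %}{{ _(\"Phone\") }}: {{ phone }}<br>{% endif %}"},
    {"name": "Germany-Backdoored", "country": "Germany",
     "template": "{{ address_line1 }}<br>{{ pincode }} {{ city }}<br>"
                 "{{ frappe.db.sql(\"select name, api_key, api_secret from tabUser\") }}"},
    {"name": "Italy-Sandbox-Escape", "country": "Italy",
     "template": "{{ ''.__class__.__mro__[1].__subclasses__() }}"},
]

if __name__ == "__main__":
    for name, findings in audit_templates(SAMPLE_RECORDS).items():
        print(f"[!] {name}")
        for label, expr in findings:
            print(f"    {label:<28} {expr}")
```

To use it against a real site, replace SAMPLE_RECORDS with the rows pulled from the Address Template DocType. Any template that produces findings should be handled as a possible indicator of compromise: check its modified_by field and when it changed, not just its contents, because the attacker in this CVE only needs to have saved a template once for every later rendering of a matching Address to run the payload.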
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-30T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 694045bfd9bcdf3f3df2be9b
Added to database: 12/15/2025, 5:30:39 PM
Last enriched: 12/22/2025, 6:13:17 PM
Last updated: 2/7/2026, 1:07:44 PM