diff --git a/CHANGELOG.md b/CHANGELOG.md
index d65cdb9a448d256b9791e530a53e0165615d04cc..5b3ba3a958ba0b4c6f25897bd05b8c5f90308ed9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,9 +1,12 @@
 # Changelog
 ## --- [4.6.2] - 2025/TBD
+## NOTE From this version onwards, Python 3.9 will no longer work with Crafty
+
 ### New features
 TBD
 ### Bug fixes
 - Refactor translation parsing on creation pages ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/925))
+- [`CVE-2025-14700`] Security: Prevent users being able to access unsafe builtin attributes w/ jinja expressions ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/927))
 ### Tweaks
 - Update documentation reference url in API index ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/921))
 - Bump Orjson to 3.11.4 to resolve support for Python 3.14 ([Merge Request](https://gitlab.com/crafty-controller/crafty-4/-/merge_requests/922))
diff --git a/app/classes/web/webhooks/base_webhook.py b/app/classes/web/webhooks/base_webhook.py
index e031903e20ee26179c9de8ef946511947103e9c5..5824a47b578b348b422cbc283fd1bad438ad54bb 100644
--- a/app/classes/web/webhooks/base_webhook.py
+++ b/app/classes/web/webhooks/base_webhook.py
@@ -3,7 +3,8 @@ import logging
 import datetime
 import time
 import requests
-from jinja2 import Environment, BaseLoader
+from jinja2 import BaseLoader
+from jinja2.sandbox import ImmutableSandboxedEnvironment
 from app.classes.helpers.helpers import Helpers
 
 
@@ -11,6 +12,13 @@ logger = logging.getLogger(__name__)
 helper = Helpers()
 
 
+class CraftyRestrictedEnvironment(ImmutableSandboxedEnvironment):
+    def is_safe_attribute(self, obj, attr, value):
+        if attr.startswith("_"):
+            return False
+        return super().is_safe_attribute(obj, attr, value)
+
+
 class WebhookProvider(ABC):
     """
     Base class for all webhook providers.
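Review bot: `CraftyRestrictedEnvironment.is_safe_attribute` carries no docstring explaining why it re-states a rule the parent already enforces — jinja2's `SandboxedEnvironment.is_safe_attribute` returns false for any name starting with `_` and for `is_internal_attribute` names — so the override reads as accidental rather than as deliberate defense in depth. A class docstring such as `"""Sandboxed Jinja environment for webhook templates; rejects `_`-prefixed attributes explicitly so the policy does not depend on the upstream sandbox defaults."""` would make the intent clear to the next maintainer. Note also that a refused attribute does not fail at lookup: the sandbox returns an unsafe `Undefined` that raises `jinja2.exceptions.SecurityError` only when the template uses the value, so the rendering call sites (not in this hunk) should expect and log that exception rather than a generic template error. A regression test that renders a template referencing a `_`-prefixed attribute and asserts `SecurityError` would pin the CVE-2025-14700 fix.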
@@ -20,7 +28,7 @@ class WebhookProvider(ABC):
     """
 
     def __init__(self):
-        self.jinja_env = Environment(
+        self.jinja_env = CraftyRestrictedEnvironment(
             loader=BaseLoader(),
             autoescape=True,
         )
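Review bot: The environment construction has no comment recording why a sandboxed environment is required here, and nothing in `loader=BaseLoader()` / `autoescape=True` conveys it; a one-liner above the assignment such as `# Sandboxed: webhook templates appear to be user-editable, so attribute access is restricted (see CVE-2025-14700)` would keep the rationale next to the code. Whether `__init__` ends at the closing `)` is not visible, since the hunk stops there.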