diff --git a/app/code/Magento/Customer/Model/Address/AbstractAddress.php b/app/code/Magento/Customer/Model/Address/AbstractAddress.php
index 51999970d2fbe..47aaabbf4aa31 100644
--- a/app/code/Magento/Customer/Model/Address/AbstractAddress.php
+++ b/app/code/Magento/Customer/Model/Address/AbstractAddress.php
@@ -1,7 +1,7 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2013 Adobe
+ * All Rights Reserved.
  */
 
 namespace Magento\Customer\Model\Address;
@@ -141,6 +141,9 @@ class AbstractAddress extends AbstractExtensibleModel implements AddressModelInt
     /** @var CompositeValidator */
     private $compositeValidator;
 
+    /** @var CompositeSanitizer */
+    private $compositeSanitizer;
+
     /**
      * @var array
      */
@@ -166,6 +169,7 @@ class AbstractAddress extends AbstractExtensibleModel implements AddressModelInt
      * @param CompositeValidator $compositeValidator
      * @param CountryModelsCache|null $countryModelsCache
      * @param RegionModelsCache|null $regionModelsCache
+     * @param CompositeSanitizer|null $compositeSanitizer
      *
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
@@ -189,6 +193,7 @@ public function __construct(
         ?CompositeValidator $compositeValidator = null,
         ?CountryModelsCache $countryModelsCache = null,
         ?RegionModelsCache $regionModelsCache = null,
+        ?CompositeSanitizer $compositeSanitizer = null
     ) {
         $this->_directoryData = $directoryData;
         $data = $this->_implodeArrayField($data);
@@ -206,6 +211,8 @@ public function __construct(
             ->get(CountryModelsCache::class);
         $this->regionModelsCache = $regionModelsCache ?: ObjectManager::getInstance()
             ->get(RegionModelsCache::class);
+        $this->compositeSanitizer = $compositeSanitizer ?: ObjectManager::getInstance()
+            ->get(CompositeSanitizer::class);
         parent::__construct(
             $context,
             $registry,
@@ -680,6 +687,17 @@ public function validate()
         return $errors;
     }
 
+    /**
+     * Sanitize address attribute values.
+     *
+     * @return $this
+     */
+    public function sanitize(): self
+    {
+        $this->compositeSanitizer->sanitize($this);
+        return $this;
+    }
+
     /**
      * Create region instance
      *
diff --git a/app/code/Magento/Customer/Model/Address/CompositeSanitizer.php b/app/code/Magento/Customer/Model/Address/CompositeSanitizer.php
new file mode 100644
index 0000000000000..8e7e8bdb944b9
--- /dev/null
+++ b/app/code/Magento/Customer/Model/Address/CompositeSanitizer.php
@@ -0,0 +1,40 @@
+<?php
+/**
+ * Copyright 2025 Adobe
+ * All Rights Reserved.
+ */
+declare(strict_types=1);
+
+namespace Magento\Customer\Model\Address;
+
+/**
+ * Address composite validator.
+ */
+class CompositeSanitizer implements SanitizerInterface
+{
+    /**
+     * @var SanitizerInterface[]
+     */
+    private array $sanitizers;
+
+    /**
+     * @param array $sanitizers
+     */
+    public function __construct(
+        array $sanitizers = []
+    ) {
+        $this->sanitizers = $sanitizers;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function sanitize(AbstractAddress $address): AbstractAddress
+    {
+        foreach ($this->sanitizers as $sanitizer) {
+            $sanitizer->sanitize($address);
+        }
+
+        return $address;
+    }
+}
diff --git a/app/code/Magento/Customer/Model/Address/Sanitizer/TemplateVars.php b/app/code/Magento/Customer/Model/Address/Sanitizer/TemplateVars.php
new file mode 100644
index 0000000000000..026168cdfdde4
--- /dev/null
+++ b/app/code/Magento/Customer/Model/Address/Sanitizer/TemplateVars.php
@@ -0,0 +1,76 @@
+<?php
+/**
+ * Copyright 2025 Adobe
+ * All Rights Reserved.
+ */
+declare(strict_types=1);
+
+namespace Magento\Customer\Model\Address\Sanitizer;
+
+use Magento\Customer\Model\Address\SanitizerInterface;
+use Magento\Customer\Model\Address\AbstractAddress;
+
+class TemplateVars implements SanitizerInterface
+{
+    /**
+     * Template vars patter
+     * @var string
+     */
+    private string $templateVarsPattern = '/\{\{\s*([^{}]+)\s*\}\}/';
+
+    /**
+     * List of attributes that can be entered via user input or API
+     * @var array|string[]
+     */
+    private array $attributesToSanitize = [
+        'firstname',
+        'lastname',
+        'middlename',
+        'city',
+        'company',
+        'country_id',
+        'fax',
+        'postcode',
+        'prefix',
+        'region',
+        'region_id',
+        'street',
+        'suffix',
+        'telephone',
+        'vat_id'
+    ];
+
+    /**
+     * Sanitize string for template vars in address attributes.
+     *
+     * @param AbstractAddress $address
+     * @return AbstractAddress
+     */
+    public function sanitize(AbstractAddress $address): AbstractAddress
+    {
+        foreach ($this->attributesToSanitize as $attributeCode) {
+            $attributeValue = $address->getData($attributeCode);
+            preg_match_all($this->templateVarsPattern, (string)$attributeValue, $matches);
+            if (!empty($matches[0])) {
+                $sanitizedAttributeValue = $this->sanitizeTemplateVars($attributeValue);
+                $address->setData($attributeCode, $sanitizedAttributeValue);
+            }
+        }
+
+        return $address;
+    }
+
+    /**
+     * Sanitize string for template vars in address attributes.
+     *
+     * @param string $value
+     * @return string
+     */
+    private function sanitizeTemplateVars(string $value): string
+    {
+        if (!empty($value)) {
+            return str_replace(['{', '}'], ['&#123;', '&#125;'], $value);
+        }
+        return $value;
+    }
+}
diff --git a/app/code/Magento/Customer/Model/Address/SanitizerInterface.php b/app/code/Magento/Customer/Model/Address/SanitizerInterface.php
new file mode 100644
index 0000000000000..6bd409fac3768
--- /dev/null
+++ b/app/code/Magento/Customer/Model/Address/SanitizerInterface.php
@@ -0,0 +1,20 @@
+<?php
+/**
+ * Copyright 2025 Adobe
+ * All Rights Reserved.
+ */
+declare(strict_types=1);
+
+namespace Magento\Customer\Model\Address;
+
+interface SanitizerInterface
+{
+    /**
+     * Sanitize address instance.
+     *
+     * @param AbstractAddress $address
+     * @return AbstractAddress
+     * @since 102.0.0
+     */
+    public function sanitize(AbstractAddress $address): AbstractAddress;
+}
diff --git a/app/code/Magento/Customer/Model/Address/Validator/General.php b/app/code/Magento/Customer/Model/Address/Validator/General.php
index 23c6d687328f3..e751d1c5e5198 100644
--- a/app/code/Magento/Customer/Model/Address/Validator/General.php
+++ b/app/code/Magento/Customer/Model/Address/Validator/General.php
@@ -1,7 +1,7 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2018 Adobe
+ * All Rights Reserved.
  */
 namespace Magento\Customer\Model\Address\Validator;
 
diff --git a/app/code/Magento/Customer/Model/ResourceModel/AddressRepository.php b/app/code/Magento/Customer/Model/ResourceModel/AddressRepository.php
index fed467a6c2a4b..a03bf7e4895cf 100644
--- a/app/code/Magento/Customer/Model/ResourceModel/AddressRepository.php
+++ b/app/code/Magento/Customer/Model/ResourceModel/AddressRepository.php
@@ -1,7 +1,7 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2014 Adobe
+ * All Rights Reserved.
  */
 namespace Magento\Customer\Model\ResourceModel;
 
@@ -126,6 +126,7 @@ public function save(\Magento\Customer\Api\Data\AddressInterface $address)
             $addressModel->setStoreId($customerModel->getStoreId());
         }
 
+        $addressModel = $addressModel->sanitize();
         $errors = $addressModel->validate();
         if ($errors !== true) {
             $inputException = new InputException();
diff --git a/app/code/Magento/Customer/Test/Unit/Model/ResourceModel/AddressRepositoryTest.php b/app/code/Magento/Customer/Test/Unit/Model/ResourceModel/AddressRepositoryTest.php
index 704537ce28fef..b8397d305a2d4 100644
--- a/app/code/Magento/Customer/Test/Unit/Model/ResourceModel/AddressRepositoryTest.php
+++ b/app/code/Magento/Customer/Test/Unit/Model/ResourceModel/AddressRepositoryTest.php
@@ -1,7 +1,7 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2015 Adobe
+ * All Rights Reserved.
  */
 declare(strict_types=1);
 
@@ -142,6 +142,7 @@ protected function setUp(): void
                     'updateData',
                     'setCustomer',
                     'getCountryModel',
+                    'sanitize',
                     'validate',
                     'save',
                     'getDataModel',
@@ -210,6 +211,9 @@ public function testSave()
         $this->address->expects($this->once())
             ->method('setCustomer')
             ->with($this->customer);
+        $this->address->expects($this->once())
+            ->method('sanitize')
+            ->willReturn($this->address);
         $this->address->expects($this->once())
             ->method('validate')
             ->willReturn(true);
@@ -280,6 +284,9 @@ public function testSaveWithConfigCustomerAccountShareScopeWebsite()
             ->willReturn(true);
         $this->address->expects($this->once())
             ->method('setStoreId');
+        $this->address->expects($this->once())
+            ->method('sanitize')
+            ->willReturn($this->address);
         $this->address->expects($this->once())
             ->method('validate')
             ->willReturn(true);
@@ -350,6 +357,9 @@ public function testSaveWithConfigCustomerAccountShareScopeGlobal()
             ->willReturn(false);
         $this->address->expects($this->never())
             ->method('setStoreId');
+        $this->address->expects($this->once())
+            ->method('sanitize')
+            ->willReturn($this->address);
         $this->address->expects($this->once())
             ->method('validate')
             ->willReturn(true);
@@ -404,6 +414,9 @@ public function testSaveWithException()
         $this->address->expects($this->once())
             ->method('updateData')
             ->with($customerAddress);
+        $this->address->expects($this->once())
+            ->method('sanitize')
+            ->willReturn($this->address);
         $this->address->expects($this->once())
             ->method('validate')
             ->willReturn($errors);
@@ -446,6 +459,9 @@ public function testSaveWithInvalidRegion()
         $this->address->expects($this->never())
             ->method('getRegionId')
             ->willReturn(null);
+        $this->address->expects($this->once())
+            ->method('sanitize')
+            ->willReturn($this->address);
         $this->address->expects($this->once())
             ->method('validate')
             ->willReturn($errors);
@@ -487,6 +503,9 @@ public function testSaveWithInvalidRegionId()
         $this->address->expects($this->never())
             ->method('getRegion')
             ->willReturn('');
+        $this->address->expects($this->once())
+            ->method('sanitize')
+            ->willReturn($this->address);
         $this->address->expects($this->once())
             ->method('validate')
             ->willReturn($errors);
diff --git a/app/code/Magento/Customer/etc/di.xml b/app/code/Magento/Customer/etc/di.xml
index 00a8597d8c364..87011bf7398eb 100644
--- a/app/code/Magento/Customer/etc/di.xml
+++ b/app/code/Magento/Customer/etc/di.xml
@@ -472,6 +472,13 @@
             </argument>
         </arguments>
     </type>
+    <type name="Magento\Customer\Model\Address\CompositeSanitizer">
+        <arguments>
+            <argument name="sanitizers" xsi:type="array">
+                <item name="templateVars" xsi:type="object">Magento\Customer\Model\Address\Sanitizer\TemplateVars</item>
+            </argument>
+        </arguments>
+    </type>
     <type name="Magento\Customer\Model\ResourceModel\Group\Grid\Collection">
         <arguments>
             <argument name="mainTable" xsi:type="string">customer_group</argument>