PT-2026-7636 · Diskcache · Diskcache
Published: 2025-01-01 · Updated: 2026-03-24 · CVE-2025-69872
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
DiskCache (python-diskcache) versions through 5.6.3
Description
DiskCache (python-diskcache) through version 5.6.3 utilizes Python pickle for serialization by default. An attacker who has write access to the cache directory can execute arbitrary code when a victim application reads data from the cache. The issue stems from the use of Python pickle, which is susceptible to insecure deserialization.
Recommendations
Update installations running versions prior to 5.6.4.
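The precondition in the description is write access to the cache directory. As an added example (not from this advisory or the DiskCache project), the POSIX-only Python check below lists paths under a cache directory that an account other than the service user could modify. The names audit_cache_dir and trusted_uids and the sample file names are assumptions made for the illustration.

```python
import os
import stat
import tempfile


def audit_cache_dir(cache_dir, trusted_uids=None):
    """Return (path, reason) findings for paths another local account could alter."""
    if trusted_uids is None:
        # Assumption: only the current service user and root are trusted.
        trusted_uids = {os.geteuid(), 0}
    # Check the directory itself, then every entry below it.
    paths = [cache_dir]
    for root, dirs, files in os.walk(cache_dir):
        paths.extend(os.path.join(root, name) for name in dirs + files)
    findings = []
    for path in paths:
        st = os.lstat(path)  # lstat: do not follow links out of the cache
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink inside cache directory"))
            continue
        if st.st_uid not in trusted_uids:
            findings.append((path, f"owned by untrusted uid {st.st_uid}"))
        if st.st_mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))
        elif st.st_mode & stat.S_IWGRP:
            findings.append((path, "group-writable"))
    return findings


def demo():
    """Audit a constructed sample directory before and after a loose chmod."""
    with tempfile.TemporaryDirectory() as cache_dir:
        os.chmod(cache_dir, 0o700)
        db = os.path.join(cache_dir, "cache.db")  # constructed sample file
        open(db, "w").close()
        os.chmod(db, 0o600)
        clean = audit_cache_dir(cache_dir)
        val = os.path.join(cache_dir, "entry.val")  # constructed sample file
        open(val, "w").close()
        os.chmod(val, 0o666)  # simulate an over-permissive cache entry
        flagged = audit_cache_dir(cache_dir)
    return clean, flagged


if __name__ == "__main__":
    for path, reason in demo()[1]:
        print(f"{reason}: {path}")
```

The check covers mode bits and ownership only; ACLs and the permissions of the cache directory's parent directories need a separate review, since a writable parent allows the directory to be replaced.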
Exploit
Fix
RCE
Deserialization of Untrusted Data
Code Injection
Related Identifiers
Affected Products
Diskcache