CVE-2025-69872 · CRITICAL 9.8 · EPSS p41.4%


Description

DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.55% probability of exploitation · percentile 41.4% · 2026-06-19T12:03:05Z
Published: 2026-02-11
Last modified: 2026-04-15

Underlying weaknesses· 1

CWE-94

References

  1. https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69872-DiskCache-Pickle-Deserialization.md
  2. https://github.com/grantjenks/python-diskcache


Type: Weakness
Target: Improper Control of Generation of Code ('Code Injection') (cwe-94)
Confidence: 0%
Tier: live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2025-61622
CVE-2025-45146
CVE-2025-1127
CVE-2025-60455
CVE-2025-63675
CVE-2025-6279
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.