CVE-2025-69872 — Vulnetix

CVE-2025-69872 PUBLISHED CVSS 5.199999809265137 MEDIUM

DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.

EPSS 0.04% · 12.8th percentile

Risk Scores

CVSS v4.0

5.199999809265137

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

EPSS Score

0.04%

12.8th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a, *
PyPI	diskcache	0, 0

Timeline

Jan 9, 2026 CVE ID Reserved
Feb 11, 2026 CVE Published
Feb 12, 2026 EPSS Score
Feb 12, 2026 PoC Published
Feb 12, 2026 CVE Updated
Feb 13, 2026 PoC Published
Feb 14, 2026 EPSS Score
Feb 16, 2026 EPSS Score
Feb 18, 2026 EPSS Score
Feb 20, 2026 EPSS Score
Feb 22, 2026 EPSS Score
Feb 24, 2026 EPSS Score

References

https://github.com/grantjenks/python-diskcache url
https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69872-DiskCache-Pickle-Deserialization.md url
https://nvd.nist.gov/vuln/detail/CVE-2025-69872 advisory

Open in Interactive Console →