PatchSiren cyber security CVE debrief
CVE-2025-69872 grantjenks CVE debrief
CVE-2025-69872 is a critical vulnerability in DiskCache (python-diskcache) through version 5.6.3. The library uses Python pickle for serialization by default, so an attacker with write access to the cache directory can plant crafted pickle data and achieve arbitrary code execution when a victim application reads from the cache. The vulnerability has a CVSS score of 9.8 and is rated critical. The CVE was published on February 11, 2026, and last modified on June 30, 2026. Multiple sources, including Red Hat and GitHub, have provided information about this vulnerability.
- Vendor: grantjenks
- Product: python-diskcache
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-02-11
- Original CVE updated: 2026-06-30
- Advisory published: 2026-02-11
- Advisory updated: 2026-06-30
Who should care
Organizations using DiskCache (python-diskcache) through version 5.6.3 should be aware of this critical vulnerability. An attacker with write access to the cache directory can exploit this vulnerability to achieve arbitrary code execution. Therefore, it is essential for organizations to update to a secure version of DiskCache and implement additional security measures to prevent exploitation.
Technical summary
The DiskCache (python-diskcache) library through version 5.6.3 uses Python pickle for serialization by default. Because pickle deserialization can instantiate arbitrary objects and call arbitrary callables named in the data, an attacker with write access to the cache directory can inject malicious pickle data that runs when a victim application reads from the cache, resulting in arbitrary code execution. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Defensive priority
High priority should be given to updating DiskCache to a secure version that does not use pickle for serialization. Additionally, organizations should implement security measures to restrict write access to the cache directory and monitor for suspicious activity.
Recommended defensive actions
- Update DiskCache to a secure version that does not use pickle for serialization.
- Restrict write access to the cache directory to prevent attackers from injecting malicious data.
- Monitor for suspicious activity and implement additional security measures to detect and prevent exploitation.
- Implement compensating controls, such as validating and sanitizing cache data, to prevent exploitation.
- Track exceptions and anomalies in cache access and usage.
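Two of the actions above (restricting who can write the cache directory, and compensating controls on cache data) can be checked in code. The following is an added example written for this debrief, not code from the python-diskcache project; it uses only the Python standard library. It shows a restricted unpickler that refuses any pickle referencing a class or function (the mechanism pickle-based payloads rely on), which limits cache values to plain data, and a permission check that flags a cache directory other local users can write to. The function and constant names are this example's own.

```python
"""Defensive pattern for pickle-backed caches (added example, not
python-diskcache code): refuse pickles that reference any class or
function, and flag cache directories other users can write to."""
import collections
import io
import os
import pickle
import stat
import tempfile


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only accepts primitive containers and scalars.

    pickle reaches code through find_class(): it is how serialized data
    names a callable to invoke during loading.  Refusing every global
    lookup limits load() to dicts, lists, tuples, str, bytes, numbers,
    bools and None, which is what a plain key/value cache needs.
    """

    def find_class(self, module, name):
        raise pickle.UnpicklingError(
            f"refusing global reference {module}.{name} in cache data"
        )


def safe_loads(data: bytes):
    """Deserialize cache bytes without allowing code references."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_rejects(data: bytes) -> bool:
    """True if the restricted loader refuses `data`."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


def is_shared_writable(mode: int) -> bool:
    """True if the permission bits allow group or world write."""
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def check_cache_dir(path: str) -> dict:
    """Report whether a cache directory lets other local users write to it.

    A cache the application trusts should be owned by the service account
    and writable only by it; `exposed` is True when group/other may write.
    """
    st = os.stat(path)
    return {
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "owner_uid": st.st_uid,
        "exposed": is_shared_writable(st.st_mode),
    }


def check_private_tempdir() -> bool:
    """Create a 0o700 directory (constructed input) and return its `exposed` flag."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o700)
        return check_cache_dir(d)["exposed"]


# Constructed sample inputs: plain data, and a pickle that names a class.
# collections.OrderedDict is harmless; it is used only because its pickle
# carries a global reference, which is what the loader must refuse.
SAMPLE_DATA_PICKLE = pickle.dumps({"user": "alice", "roles": ["reader"]})
SAMPLE_CLASS_PICKLE = pickle.dumps(collections.OrderedDict(a=1))


if __name__ == "__main__":
    print("plain data:", safe_loads(SAMPLE_DATA_PICKLE))
    print("class reference rejected:", load_rejects(SAMPLE_CLASS_PICKLE))
    print("private temp dir exposed:", check_private_tempdir())
```

In a DiskCache deployment the loader would sit in the read path of the cache (for example via a `Disk` subclass that overrides how values are decoded, assumed here rather than shown), and `check_cache_dir` belongs in a startup health check or a periodic configuration audit. Rejecting all global references is deliberately stricter than an allowlist: any class reference in cache data is an anomaly worth logging, which also serves the "track exceptions and anomalies" action above.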
Evidence notes
The CVE-2025-69872 vulnerability was published on February 11, 2026, and last modified on June 30, 2026. The vulnerability has a CVSS score of 9.8 and is considered critical. Multiple sources, including Red Hat and GitHub, have provided information about this vulnerability. However, the exact scope of affected systems and the vendor's remediation workflow are not clear.
Official resources
- CVE-2025-69872 CVE record (CVE.org)
- CVE-2025-69872 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.