CVE-2025-69872

Critical CVSS: 9.8

DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.

Vendor

Product

CWE

CWE-94

Yayın Tarihi

2026-02-11 19:15:50

Güncelleme

2026-02-12 16:16:05

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-94 CRITICAL 2026

Referanslar

https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69872-DiskCache-Pickle-Deserialization.md https://github.com/grantjenks/python-diskcache