CVE-2025-69872
Arbitrary Code Execution via Pickle in DiskCache

Publication date: 2026-02-11

Last updated on: 2026-02-12

Assigner: MITRE

Description
DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.
Affected Vendors & Products
Vendor Product Version / Range
grantjenks python-diskcache 5.6.3
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
AI Quick Actions
Executive Summary

The vulnerability in DiskCache (python-diskcache) through version 5.6.3 arises because it uses Python's pickle module for serialization by default.

An attacker who has write access to the cache directory can exploit this by placing malicious pickle data. When the victim application reads from the cache, the malicious pickle data can trigger arbitrary code execution.

Impact Analysis

This vulnerability can lead to arbitrary code execution on the system running the vulnerable DiskCache version.

If an attacker can write to the cache directory, they can execute malicious code with the privileges of the application reading the cache, potentially leading to system compromise, data theft, or further attacks.

Detection Guidance

Detection of this vulnerability involves identifying whether the DiskCache library (python-diskcache) version 5.6.3 or earlier is in use and whether the cache directory is writable by untrusted users.

You can check for the presence and version of python-diskcache in your environment by running the following command in your Python environment:

  • pip show diskcache

To check if the cache directory is writable by untrusted users, you can inspect the permissions of the cache directory used by your application. For example, on a Unix-like system, use:

  • ls -ld /path/to/cache_directory

If the directory permissions allow write access to untrusted users, the system is vulnerable.
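The two checks above (installed version and directory permissions) can be scripted. The following is an added example and is not part of the CVE record or of the python-diskcache project; the function and constant names are this example's own, the 5.6.3 cut-off comes from the description, and the directory check reads only POSIX mode bits (ownership by a different account and ACLs are out of scope, an assumption stated in the code).

```python
"""Added example, not taken from the CVE record or from python-diskcache:
checks the two conditions the detection guidance names, an affected
python-diskcache version and a cache directory writable by other users.
Directory and version values passed to assess() are whatever the caller
supplies; nothing here is specific to a real deployment."""
import importlib.metadata
import os
import stat
from typing import Optional

# Highest affected version, per the CVE description ("through 5.6.3").
LAST_AFFECTED = (5, 6, 3)


def parse_version(text: str) -> tuple:
    """Turn '5.6.3' into (5, 6, 3). A trailing non-numeric suffix such as
    'rc1' is ignored; missing components count as zero."""
    parts = []
    for piece in text.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected_version(version: str) -> bool:
    """True for every release up to and including 5.6.3."""
    return parse_version(version) <= LAST_AFFECTED


def installed_diskcache_version() -> Optional[str]:
    """What `pip show diskcache` would report, or None when not installed."""
    try:
        return importlib.metadata.version("diskcache")
    except importlib.metadata.PackageNotFoundError:
        return None


def writable_by_others(path: str) -> bool:
    """True when the group or world write bit is set, which is what
    `ls -ld` exposes. Ownership by a different account and POSIX ACLs
    are not examined (assumption: plain mode bits are the policy)."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def assess(cache_dir: str, version: Optional[str] = None) -> dict:
    """Combine both checks. `version` overrides the installed lookup so the
    logic can be exercised on a host without diskcache present."""
    if version is None:
        version = installed_diskcache_version()
    affected = version is not None and is_affected_version(version)
    writable = writable_by_others(cache_dir)
    return {
        "version": version,
        "affected_version": affected,
        "dir_writable_by_others": writable,
        # Exposed only when both hold: vulnerable code *and* a directory
        # that an untrusted local user can write into.
        "exposed": affected and writable,
    }


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else os.getcwd()
    for key, value in assess(target).items():
        print(f"{key}: {value}")
```

Run it as `python check_diskcache.py /path/to/cache_directory`. A directory that is not group- or world-writable can still be reachable by another account if that account owns it or holds an ACL entry, so treat a clean result from this script as necessary, not sufficient.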

Mitigation Strategies

Immediate mitigation steps include restricting write access to the cache directory to trusted users only, preventing attackers from writing malicious pickle data.

Additionally, upgrading python-diskcache to a version later than 5.6.3 that addresses this vulnerability or configuring the library to avoid using pickle for serialization can help mitigate the risk.

If upgrading is not immediately possible, consider isolating the cache directory and monitoring it for unauthorized changes.
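The mitigation section recommends moving off pickle. Where an application must still read entries that were already written with pickle, a restricted unpickler is a stop-gap that makes the load fail on anything but plain data. The block below is an added example, not code from the CVE record or from python-diskcache; it uses the `find_class` override documented for Python's pickle module, and the function names and sample entries are constructed for illustration. The mechanism pickle exposes (resolving module-level names during load) is exactly what the restriction denies, so only literals and built-in containers survive.

```python
"""Added example, not from the CVE record or python-diskcache: a pickle
loader that refuses every global reference. Standard pickle resolves
names such as a module-level function during load, which is why an
attacker-written cache file can execute code; this subclass (the pattern
from the Python pickle documentation) leaves only literals and built-in
container types loadable. It is a stop-gap for reading existing entries,
not a replacement for upgrading or for a non-pickle serializer."""
import collections
import io
import pickle


class RestrictedUnpickler(pickle.Unpickler):
    """Override the hook pickle uses to import a class or function."""

    def find_class(self, module: str, name: str):
        # Refuse unconditionally: cache values are expected to be plain data.
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name} from cache data"
        )


def restricted_loads(data: bytes):
    """Drop-in for pickle.loads that only succeeds on plain data."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def safe_cache_read(data: bytes, default=None):
    """Return the decoded value, or `default` if the entry needed a global.
    Callers treat `default` as a cache miss and recompute the value."""
    try:
        return restricted_loads(data)
    except pickle.UnpicklingError:
        return default


# Constructed sample entries: one plain value, one that references a class.
PLAIN_ENTRY = pickle.dumps({"user": "alice", "roles": ["admin", "dev"], "ttl": 3.5})
CLASS_ENTRY = pickle.dumps(collections.OrderedDict(a=1))


if __name__ == "__main__":
    print(safe_cache_read(PLAIN_ENTRY))
    print(safe_cache_read(CLASS_ENTRY, default="<rejected>"))
```

The second sample is a harmless `OrderedDict`, yet it is rejected, which is the cost of this approach: any cached object that is not a plain literal or container becomes a cache miss. In diskcache the load happens inside the library's `Disk` class, so wiring a loader like this in means subclassing `Disk`, the same extension point the project documents for switching to a non-pickle format; the restriction only covers the pickle path and does nothing about the directory permissions discussed above.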
