CVE-2025-69872
DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache direc
CVSS
9.8
Crítico
EPSS
0.5%
p41
KEV
—
Exploit Today
12
0-100
Publicado: 11 feb 2026 · Última mod.: 15 jul 2026 · CWE-94 · CWE-502
0.5%EPSS · 30 días0.5%
2026-06-302026-07-17
DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.
- github.comhttps://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69872-DiskCache-Pickle-Deserialization.md
- github.comhttps://github.com/grantjenks/python-diskcache
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:36350
- access.redhat.comhttps://access.redhat.com/errata/RHSA-2026:3713
- access.redhat.comhttps://access.redhat.com/security/cve/CVE-2025-69872
- bugzilla.redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2439059
- security.access.redhat.comhttps://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69872.json
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2025-32489.8 CRÍ100.0%
KEV—80Langflow Missing Authentication Vulnerability3dCVE-2021-422379.8 CRÍ99.9%
KEV—80Sitecore XP Remote Command Execution Vulnerability9dCVE-2026-341978.8 ALT99.9%
KEV—80Apache ActiveMQ Improper Input Validation Vulnerability3dCVE-2026-456598.8 ALT86.8%
KEV—76Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability16dCVE-2026-154107.2 ALT71.1%
KEV—71SonicWall SMA1000 Appliances Code Injection Vulnerability2dCVE-2026-586449.8 CRÍ70.7%
KEV—71Microsoft SharePoint Deserialization of Untrusted Data Vulnerability1d