CVE-2025-69872
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk40th percentile - higher than 40% of all known CVEs
Summary
The vulnerability in DiskCache (python-diskcache) up to version 5.6.3 is due to the default use of Python pickle for serialization. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.
Risk Assessment
The risk is that an attacker with write access to the cache directory can take control of the application, potentially leading to data theft, system modification, or further propagation of the attack within the network.
Recommendation
It is recommended to immediately update DiskCache to the latest version that does not use pickle by default. If an update is not possible, configure an alternative serializer such as JSON and restrict write access to the cache directory to trusted processes only.
Original NVD description (English source)
DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.

