
CVE-2025-69872 - Vulnerability Analysis

Critical | CVSS: 9.8

Last Updated: February 12, 2026

DiskCache python-diskcache - Insecure Deserialization

Published: February 11, 2026 | Updated: February 12, 2026 | Remote Exploitable

Overview

DiskCache (python-diskcache) through 5.6.3 contains an insecure deserialization vulnerability caused by its use of Python pickle for serialization. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim reads from the cache.

Severity & Score

Severity: Critical
CVSS Score: 9.8
EPSS Score: 7.8% (Probability of exploitation in next 30 days)

Impact

Attackers with write access to the cache directory can execute arbitrary code remotely when a victim reads from the cache.

Mitigation

Update to the latest version that does not use insecure serialization or apply patches to avoid pickle usage.
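
Because exploitation depends on write access to the cache directory, auditing who can write there is a useful complementary check. The following is an added example, not code from DiskCache or from this advisory; it assumes a POSIX host, and the file names in the demo layout are constructed.

```python
import os
import stat
import tempfile

def audit_cache_dir(cache_dir, trusted_uids=None):
    """Return sorted (relative_path, reason) findings for a cache directory tree."""
    # Assumption: only the current user should own or write cache entries.
    trusted = {os.getuid()} if trusted_uids is None else set(trusted_uids)
    root = os.path.realpath(cache_dir)
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):  # symlinks are not followed
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    findings = []
    for path in paths:
        st = os.lstat(path)  # lstat: inspect the link itself, not its target
        rel = os.path.relpath(path, root)
        if stat.S_ISLNK(st.st_mode):
            findings.append((rel, "symlink inside cache directory"))
            continue
        if st.st_uid not in trusted:
            findings.append((rel, "owner uid %d is not trusted" % st.st_uid))
        if st.st_mode & stat.S_IWOTH:
            findings.append((rel, "world-writable"))
        elif st.st_mode & stat.S_IWGRP:
            findings.append((rel, "group-writable"))
    return sorted(findings)

def demo():
    """Build a constructed cache layout with two misconfigurations and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        os.chmod(tmp, 0o700)
        sub = os.path.join(tmp, "00")
        os.mkdir(sub)
        os.chmod(sub, 0o777)              # constructed misconfiguration
        db = os.path.join(tmp, "cache.db")
        open(db, "w").close()
        os.chmod(db, 0o660)               # constructed misconfiguration
        entry = os.path.join(sub, "entry.val")
        open(entry, "w").close()
        os.chmod(entry, 0o600)            # correctly restricted entry
        return audit_cache_dir(tmp)

if __name__ == "__main__":
    for rel, reason in demo():
        print(rel, "-", reason)
```

Any finding means some other account can place data that the application will later unpickle; an empty result does not cover parent directories or ACLs, which need a separate review.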

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Feb 13, 2026

🔓 CVE-2025-69872 - Critical (9.8) DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69872/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2025-69872
Severity: Critical
CVSS Score: 9.8
Type: insecure_deserialization
Status: unconfirmed
EPSS: 7.8%
Social Posts: 1

CWE

  • CWE-94

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

7.8% (Probability of exploitation in the next 30 days)