2439059 – (CVE-2025-69872) CVE-2025-69872 python-diskcache: python-diskcache: Arbitrary code execution via insecure pickle deserialization

Bug 2439059 (CVE-2025-69872) - CVE-2025-69872 python-diskcache: python-diskcache: Arbitrary code execution via insecure pickle deserialization

Summary: CVE-2025-69872 python-diskcache: python-diskcache: Arbitrary code execution v...

Keywords:
Status:	NEW
Alias:	CVE-2025-69872
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2439089 2439090
Blocks:
TreeView+	depends on / blocked

Reported:	2026-02-11 19:01 UTC by OSIDB Bzimport
Modified:	2026-02-11 20:25 UTC (History)
CC List:	22 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-02-11 19:01:24 UTC

DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.

Note You need to log in before you can comment on or make changes to this bug.

alinfoot
anthomas
bbrownin
dfreiber
drow
dtrifiro
ehelms
ggainey
jburrell
jkoehler
juwatts
lphiri
mhulan
nmoumoul
osousa
pcreech
rbryant
rchan
smallamp
tmalecek
vkumar
weaton