exploitDog

CVE-2025-69872

Published: 11 Feb 2026
Source: redhat
CVSS3: 7.6

Description

DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.

A deserialization flaw was found in python-diskcache. This component uses Python pickle for serialization by default. An attacker with write access to the cache directory can exploit this vulnerability to achieve arbitrary code execution when a victim application reads from the cache. The impact of this flaw is scoped to the user running the tool.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat AI Inference Server | rhaiis-preview/vllm-cuda-rhel9 | Affected | | |
| Red Hat AI Inference Server | rhaiis/vllm-cuda-rhel9 | Not affected | | |
| Red Hat AI Inference Server | rhaiis/vllm-rocm-rhel9 | Not affected | | |
| Red Hat AI Inference Server | rhaiis/vllm-spyre-rhel9 | Affected | | |
| Red Hat AI Inference Server | rhaiis/vllm-tpu-rhel9 | Affected | | |
| Red Hat Enterprise Linux AI (RHEL AI) 3 | rhelai3/bootc-aws-cuda-rhel9 | Not affected | | |
| Red Hat Enterprise Linux AI (RHEL AI) 3 | rhelai3/bootc-azure-cuda-rhel9 | Not affected | | |
| Red Hat Enterprise Linux AI (RHEL AI) 3 | rhelai3/bootc-cuda-rhel9 | Not affected | | |
| Red Hat Enterprise Linux AI (RHEL AI) 3 | rhelai3/bootc-gcp-cuda-rhel9 | Not affected | | |
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-kserve-controller-rhel9 | Not affected | | |

Additional information

Status: Important
Defect: CWE-502
https://bugzilla.redhat.com/show_bug.cgi?id=2439059 python-diskcache: python-diskcache: Arbitrary code execution via insecure pickle deserialization

CVSS3: 7.6 High

Related vulnerabilities

CVSS3: 9.8
ubuntu
about 2 months ago

DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.

CVSS3: 9.8
nvd
about 2 months ago

DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache.

CVSS3: 9.8
debian
about 2 months ago

DiskCache (python-diskcache) through 5.6.3 uses Python pickle for seri ...

github
about 2 months ago

DiskCache has unsafe pickle deserialization
