Cache Me if You Can: Unpickling RCE in Python DiskCache
Vulnerability ID: CVE-2025-69872
CVSS Score: 7.3
Published: 2026-02-11
A critical insecure deserialization vulnerability in the popular python-diskcache library allows local attackers to achieve arbitrary code execution. By manipulating the underlying SQLite database or cache files, an attacker can trick the application into unpickling a malicious payload.
TL;DR
DiskCache uses Python's pickle module by default to serialize data to disk. Because pickle is inherently unsafe, anyone with write access to the cache directory (e.g., via shared permissions or container volumes) can inject a payload that executes arbitrary code when the application reads from the cache.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-502
- Attack Vector: Local (File Manipulation)
- CVSS: 7.3 (High)
- Impact: Arbitrary Code Execution
- Exploit Status: PoC Available
- Affected Component: diskcache.core.Cache.get()
Affected Systems
- Python Applications using diskcache <= 5.6.3
- Django projects using django-diskcache
- Data science pipelines using diskcache for memoization
- python-diskcache: <= 5.6.3 (Fixed in: N/A (Requires Config Change))
Exploit Details
- GitHub: Original disclosure and PoC demonstrating local cache poisoning.
Mitigation Strategies
- Abandon pickle serialization in favor of JSONDisk.
- Enforce strict filesystem permissions (0700) on cache directories.
- Isolate cache storage per application/container.
Remediation Steps:
- Identify all instances of diskcache.Cache or diskcache.FanoutCache in the codebase.
- Modify the constructor to pass disk=JSONDisk.
- Verify that cached data types are JSON-serializable.
- Flush existing caches to remove potential historical poison.
- Update infrastructure scripts to ensure cache directories are created with restricted permissions.
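An audit for the permission and flush steps above, added here as an example and not taken from the advisory or the diskcache project. It assumes DiskCache's on-disk layout (a cache.db SQLite file with a Cache table where mode 4 marks a pickled value and raw 0 marks a pickled key), which should be confirmed against the installed version; audit_cache_dir is a hypothetical helper name.

```python
import sqlite3
import stat
import sys
from pathlib import Path

MODE_PICKLE = 4  # assumed value of diskcache.core.MODE_PICKLE; confirm for your version


def audit_cache_dir(directory):
    """Report loose permissions and pickle-serialized rows in one cache directory."""
    directory = Path(directory).resolve()
    report = {"dir_mode": stat.S_IMODE(directory.stat().st_mode),
              "pickled_values": 0, "pickled_keys": 0, "findings": []}
    if report["dir_mode"] & 0o077:  # any group/other bit is wider than 0700
        report["findings"].append(
            f"{directory}: mode {report['dir_mode']:04o} is wider than 0700")
    db_path = directory / "cache.db"
    if not db_path.exists():
        return report
    # Open read-only so the audit never modifies the cache it inspects.
    con = sqlite3.connect(db_path.as_uri() + "?mode=ro", uri=True)
    try:
        # mode = MODE_PICKLE marks a pickled value; raw = 0 marks a pickled key.
        values, keys = con.execute(
            "SELECT COALESCE(SUM(mode = ?), 0), COALESCE(SUM(raw = 0), 0) FROM Cache",
            (MODE_PICKLE,)).fetchone()
    except sqlite3.Error as exc:
        report["findings"].append(f"{db_path}: could not read Cache table ({exc})")
        return report
    finally:
        con.close()
    report["pickled_values"], report["pickled_keys"] = values, keys
    if values or keys:
        report["findings"].append(
            f"{db_path}: {values} pickled values and {keys} pickled keys remain; "
            "flush the cache after switching to JSONDisk")
    return report


if __name__ == "__main__":
    # Usage: python audit_diskcache.py /path/to/cache [...]
    results = [audit_cache_dir(d) for d in sys.argv[1:]]
    for line in (f for r in results for f in r["findings"]):
        print(line)
    sys.exit(1 if any(r["findings"] for r in results) else 0)
```

The exit status is non-zero when any directory has a finding, so the script can gate a deployment step. For a FanoutCache, pass each shard subdirectory as its own argument.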
References
Read the full report for CVE-2025-69872 on our website for more details including interactive diagrams and full exploit analysis.