diff --git a/.github/workflows/ci_tests.yml b/.github/workflows/ci_tests.yml
index 08a83e2..d4bc7ac 100644
--- a/.github/workflows/ci_tests.yml
+++ b/.github/workflows/ci_tests.yml
@@ -63,6 +63,12 @@ jobs:
 uses: pypa/gh-action-pip-audit@v1.1.0
 with:
 inputs: ${{ runner.temp }}/requirements.txt
+ # CVE-2025-69872: DiskCache 5.6.3
+ # DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default.
+ # An attacker with write access to the cache directory can achieve arbitrary code execution
+ # when a victim application reads from the cache.
+ ignore-vulns: |
+ CVE-2025-69872
 - name: Build docs
 run: mkdocs build --strict
@@ -96,6 +102,3 @@ jobs:
 uses: pypa/gh-action-pip-audit@v1.1.0
 with:
 inputs: ${{ github.workspace }}/requirements.txt ${{ github.workspace }}/.github/utils/requirements.txt
- # Temporarily ignore pip vulnerability until we can upgrade to pip 25.3+
- ignore-vulns: |
- GHSA-4xh5-x5gv-qwph
diff --git a/{{ cookiecutter.project_slug }}/.github/utils/requirements_ci.txt b/{{ cookiecutter.project_slug }}/.github/utils/requirements_ci.txt
index d41510d..1761760 100644
--- a/{{ cookiecutter.project_slug }}/.github/utils/requirements_ci.txt
+++ b/{{ cookiecutter.project_slug }}/.github/utils/requirements_ci.txt
@@ -1 +1 @@
-pip-tools==7.5.2
+pip-tools==7.5.3
diff --git a/{{ cookiecutter.project_slug }}/.github/workflows/ci_tests.yml b/{{ cookiecutter.project_slug }}/.github/workflows/ci_tests.yml
index 9fb5d02..a5472ef 100644
--- a/{{ cookiecutter.project_slug }}/.github/workflows/ci_tests.yml
+++ b/{{ cookiecutter.project_slug }}/.github/workflows/ci_tests.yml 
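Review bot: The new `ignore-vulns` entry for `CVE-2025-69872` in the `pypa/gh-action-pip-audit` step (hunk `@@ -63,6 +63,12 @@`) carries no removal condition or risk-acceptance rationale, whereas the `GHSA-4xh5-x5gv-qwph` ignore this commit deletes was explicitly marked temporary pending a pip upgrade. The four added comment lines restate the advisory (pickle deserialization, code execution for anyone who can write the cache directory) but not why that is acceptable in this workflow, so the suppression will silently outlive any diskcache fix; I would replace the last two comment lines with `# Accepted because <who can write the cache dir in this job — fill in>; drop this ignore once a fixed diskcache release is available (tracked in <ISSUE-PLACEHOLDER>)`. pip-audit may report this advisory under a PYSEC or GHSA identifier rather than the CVE, so confirm in the job log that the finding is actually suppressed rather than assuming the alias is matched. The same change, with the same missing rationale, is made in the template workflow hunk `@@ -70,9 +70,12 @@` of `{{ cookiecutter.project_slug }}/.github/workflows/ci_tests.yml`; in both hunks the enclosing job starts outside the hunk.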
@@ -70,9 +70,12 @@ jobs:
 uses: pypa/gh-action-pip-audit@v1.1.0
 with:
 inputs: ${{ runner.temp }}/requirements.txt
- # Temporarily ignore pip vulnerability until we can upgrade to pip 25.3+
+ # CVE-2025-69872: DiskCache 5.6.3
+ # DiskCache (python-diskcache) through 5.6.3 uses Python pickle for serialization by default.
+ # An attacker with write access to the cache directory can achieve arbitrary code execution
+ # when a victim application reads from the cache.
 ignore-vulns: |
- GHSA-4xh5-x5gv-qwph
+ CVE-2025-69872
 pytest:
 name: pytest (${{ matrix.os[1] }}-py${{ matrix.python-version }})