CVE-2025-58756
Published 2025-09-09
Priority: P260
CVSS 3.1: 8.8 (high), vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.68% (47.9th percentile)
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the call `model_dict = torch.load(full_path, map_location=torch.device(device), weights_only=True)` in monai/bundle/scripts.py passes `weights_only=True` and so loads securely. However, insecure loading methods still exist elsewhere in the project, such as when loading checkpoints. Loading checkpoints is a common practice when users want to reduce training time and costs by reusing pre-trained models downloaded from other platforms. Loading a checkpoint containing malicious content can trigger a deserialization vulnerability, leading to code execution. As of time of publication, no known fixed versions are available.
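A pre-load triage check for the checkpoint risk described above, added here as an example (it is not MONAI's code and not part of the advisory): it lists the imports a pickle stream requests without ever unpickling it, and fails closed on anything it cannot resolve. The allowlist, function names and sample data are assumptions constructed for illustration, and legacy multi-pickle torch files are out of scope.

```python
import collections, io, pickle, pickletools, zipfile

# Assumption: example allowlist for a plain state_dict; extend it for your own models.
ALLOWED = {("collections", "OrderedDict"), ("torch._utils", "_rebuild_tensor_v2")}
STR_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
GET_OPS = {"BINGET", "LONG_BINGET", "GET"}
PUT_OPS = {"BINPUT", "LONG_BINPUT", "PUT"}

def referenced_globals(data):
    """List the (module, name) imports a pickle stream requests, without unpickling it."""
    found, memo, recent = set(), {}, [None, None]  # recent: last pushes, None = not a known str
    for op, arg, _pos in pickletools.genops(data):
        pushed = None
        if op.name in STR_OPS:
            pushed = arg
        elif op.name in GET_OPS:
            pushed = memo.get(arg)
        elif op.name == "MEMOIZE" or op.name in PUT_OPS:
            memo[len(memo) if arg is None else arg] = recent[-1]  # stack is unchanged
            continue
        elif op.name in ("GLOBAL", "INST"):
            found.add(tuple(arg.split(" ", 1)))  # arg is "module name"
        elif op.name == "STACK_GLOBAL":
            pair = tuple(recent[-2:])  # module and name are the two latest pushes
            found.add(pair if all(isinstance(s, str) for s in pair) else ("?", "?"))
        elif op.name.startswith("EXT"):
            found.add(("?", "?"))  # copyreg extension codes are not resolved: fail closed
        recent.append(pushed)
    return found

def disallowed_globals(blob, allowed=ALLOWED):
    """Scan a zip-format checkpoint (every *.pkl member) or a single raw pickle stream."""
    streams = [blob]
    if zipfile.is_zipfile(io.BytesIO(blob)):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            streams = [zf.read(n) for n in zf.namelist() if n.endswith(".pkl")]
    return set().union(*map(referenced_globals, streams)) - set(allowed)

class Sample:  # constructed sample: records a harmless callable; never unpickled here
    def __reduce__(self):
        return (print, ("constructed sample",))

def make_zip(pickle_bytes):  # constructed stand-in for a zip-format checkpoint
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("archive/data.pkl", pickle_bytes)
    return buf.getvalue()
BENIGN = pickle.dumps(collections.OrderedDict(weight=[0.1, 0.2]), protocol=4)
FLAGGED = pickle.dumps(Sample(), protocol=4)
```

A non-empty result from `disallowed_globals` means the file asks the unpickler to import something outside the allowlist and should be quarantined rather than loaded; an empty result is a triage signal, not a substitute for `weights_only=True`.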
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| monai | medical_open_network_for_ai | <= 1.5.0 | — |
| project-monai | monai | <= 1.5.0 | — |
| project-monai | monai | >= 0 < 1.5.1 | 1.5.1 |
GHSA
MONAI: Unsafe torch usage may lead to arbitrary code execution
ghsa·2025-09-09
CVE-2025-58756 [HIGH] CWE-502 MONAI: Unsafe torch usage may lead to arbitrary code execution
### Summary
In `model_dict = torch.load(full_path, map_location=torch.device(device), weights_only=True)` in monai/bundle/scripts.py, `weights_only=True` is loaded securely. However, insecure loading methods still exist elsewhere in the project, such as when loading checkpoints.
This is a common practice when users want to reduce training time and costs by loading pre-trained models downloaded from platforms like huggingface.
Loading a checkpoint containing malicious content can trigger a deserialization vulnerability, leading to code execution.
The following proof-of-concept demonstrates the issues that arise when loading insecure checkpoints.
```
import os
import tempfile
import json
import torch
from pathlib i
```
OSV
MONAI: Unsafe torch usage may lead to arbitrary code execution
osv·2025-09-09
CVE-2025-58756 [HIGH] MONAI: Unsafe torch usage may lead to arbitrary code execution
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published 2025-09-09