cbcvebase.
CVE-2025-58757
Published: 2025-09-09


Priority: P355
Severity: high, CVSS 3.1 base score 8.8
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.60% (44.3rd percentile)
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the `pickle_operations` function in `monai/data/utils.py` automatically handles dictionary key-value pairs whose key ends with a specific suffix and deserializes their values with `pickle.loads()`. The function performs no validation of the pickled bytes before loading them, so any value an attacker can place under such a key is deserialized with full pickle semantics, and a crafted pickle can execute arbitrary code in the process that loads the data. The CVSS vector (UI:R) reflects that a user has to load the attacker-supplied data, for example a dataset or cache file. As of time of publication, the advisory text states that no known fixed versions are available; note that the affected-range table on this page lists 1.5.1 as a fixed version for project-monai/monai.
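The following is an added example written for this page; it is not MONAI's code and does not reproduce `monai/data/utils.py`. It sketches the vulnerable pattern the advisory describes (every value under a key with a given suffix goes straight to `pickle.loads()`), shows with a constructed record that loading such a value runs attacker-chosen code, and puts two mitigations beside it: a static `pickletools` scan that rejects any pickle containing global-reference or call opcodes, and an allowlist-based `Unpickler.find_class`. The suffix `_pickled`, the function and class names, and the sample records are assumptions made for the demonstration; the real suffix is not stated on this page. `eval` is used as a harmless stand-in for the `os.system`-style callable a real payload would name.

```python
"""Added example: the unsafe suffix-triggered pickle.loads() pattern from
CVE-2025-58757, a constructed malicious record, and two hardened loaders.
Not MONAI's implementation; suffix and names are assumptions."""
import io
import os
import pickle
import pickletools
from collections import OrderedDict

# Assumed suffix. The advisory only says "a specific suffix".
PICKLE_SUFFIX = "_pickled"


def pickle_operations_unsafe(data: dict) -> dict:
    """Vulnerable pattern: any bytes under a key ending in PICKLE_SUFFIX are
    handed to pickle.loads() unconditionally, so the value decides which
    callable runs during deserialization."""
    out = {}
    for key, value in data.items():
        if key.endswith(PICKLE_SUFFIX) and isinstance(value, bytes):
            out[key[: -len(PICKLE_SUFFIX)]] = pickle.loads(value)
        else:
            out[key] = value
    return out


class _ExecOnLoad:
    """Constructed malicious object. __reduce__ makes the unpickler call
    builtins.eval on an attacker-chosen expression; os.system would work
    the same way. eval keeps the demo side-effect free and checkable."""

    def __reduce__(self):
        return (eval, ("__import__('os').getcwd()",))


def build_malicious_record() -> dict:
    """Constructed dataset record as an attacker could ship it."""
    return {"image_path": "scan_001.nii.gz",
            "meta" + PICKLE_SUFFIX: pickle.dumps(_ExecOnLoad())}


def build_benign_record() -> dict:
    """Constructed legitimate record whose metadata is an OrderedDict."""
    meta = OrderedDict(spacing=(1.0, 1.0), modality="CT")
    return {"image_path": "scan_001.nii.gz",
            "meta" + PICKLE_SUFFIX: pickle.dumps(meta)}


def plain_blob() -> bytes:
    """Pickle of plain containers/scalars only; needs no global lookups."""
    return pickle.dumps({"spacing": (1.0, 1.0), "labels": ["a", "b"]})


def unsafe_load_executes(record: dict) -> bool:
    """True if loading the record ran the embedded expression: the decoded
    'meta' value equals the process's current directory."""
    return pickle_operations_unsafe(record)["meta"] == os.getcwd()


# Mitigation 1: static scan. Opcodes that import or call anything are
# rejected before loading. Strict, but it also rejects legitimate class
# instances (numpy arrays, OrderedDict), so use it only for scalar/container
# payloads.
FORBIDDEN_OPS = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "BUILD", "INST",
                 "OBJ", "NEWOBJ", "NEWOBJ_EX"}


def has_callable_opcodes(blob: bytes) -> bool:
    return any(op.name in FORBIDDEN_OPS for op, _, _ in pickletools.genops(blob))


# Mitigation 2: allowlist of (module, name) pairs the unpickler may resolve.
class RestrictedUnpickler(pickle.Unpickler):
    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        # Raised before the forbidden callable is ever invoked.
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")


def pickle_operations_hardened(data: dict) -> dict:
    out = {}
    for key, value in data.items():
        if key.endswith(PICKLE_SUFFIX) and isinstance(value, bytes):
            out[key[: -len(PICKLE_SUFFIX)]] = RestrictedUnpickler(io.BytesIO(value)).load()
        else:
            out[key] = value
    return out


def hardened_result(record: dict) -> tuple:
    """('ok', decoded_record) or ('blocked', reason)."""
    try:
        return ("ok", pickle_operations_hardened(record))
    except pickle.UnpicklingError as exc:
        return ("blocked", str(exc))
```

The allowlist approach is the one that survives contact with real metadata, because the opcode scan cannot distinguish a numpy array from a payload: both need GLOBAL and REDUCE. Neither replaces the actual fix, which is not to apply pickle to data that did not originate in the same trust domain; a signed or hashed cache, or a non-executable format such as JSON for the metadata, removes the class of bug rather than narrowing it.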

Affected (3 ranges)

Vendor          Product                        Version range     Fixed in
monai           medical_open_network_for_ai    <= 1.5.0          (none listed)
project-monai   monai                          <= 1.5.0          (none listed)
project-monai   monai                          >= 0, < 1.5.1     1.5.1