CVE-2025-58757
Published 2025-09-09
Priority: P3 (55)
Severity: high, CVSS 3.1 base score 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.60% (percentile 44.3)
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the `pickle_operations` function in `monai/data/utils.py` automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using `pickle.loads()`. This function also lacks any security measures. The deserialization may lead to code execution. As of time of publication, no known fixed versions are available.
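The description above is the whole mechanism: a dictionary value whose key carries a particular suffix is handed straight to `pickle.loads()`, and pickle resolves and calls whatever globals the byte stream names. The block below is an added illustration, not MONAI's code and not the project's fix; it reproduces that pattern with a placeholder suffix and contrasts the plain loader with a restricted `Unpickler` whose `find_class` hook only resolves an allow-list of globals. `PICKLE_SUFFIX`, the suffix-stripping behaviour of `pickle_operations`, `SAFE_GLOBALS` and every sample value are assumptions made for the example; the real suffix and function signature are not given on this page.

```python
"""Restricted unpickling as a mitigation for the CWE-502 pattern in CVE-2025-58757.

Added example (hypothetical names, not MONAI's code): a dict handler that
unpickles values under suffixed keys, run once with pickle.loads() and once
with a loader that refuses any global outside an allow-list.
"""
import datetime
import io
import pickle

# Hypothetical suffix; the advisory only says "a specific suffix".
PICKLE_SUFFIX = "_pickled"

# Globals the hardened loader may resolve, as (module, name) pairs.  The
# enforcement point is find_class(): anything not listed here (os.system,
# subprocess.Popen, builtins.eval, ...) is rejected before any object is
# built.  Extend deliberately; never add eval/exec/getattr-style helpers.
SAFE_GLOBALS = {
    ("builtins", "complex"),
    ("builtins", "set"),
    ("builtins", "frozenset"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that enforces SAFE_GLOBALS in find_class()."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve global {module}.{name} from untrusted pickle"
        )


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads() backed by RestrictedUnpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def pickle_operations(d: dict, loads=pickle.loads) -> dict:
    """Handle suffixed keys the way the advisory describes.

    Values under keys ending in PICKLE_SUFFIX are deserialised with `loads`;
    the suffix is stripped from the key (assumed behaviour).  Other items pass
    through unchanged.  The default `loads` is the unsafe one from the advisory;
    pass restricted_loads for the hardened variant.
    """
    out = {}
    for key, value in d.items():
        if key.endswith(PICKLE_SUFFIX):
            out[key[: -len(PICKLE_SUFFIX)]] = loads(value)
        else:
            out[key] = value
    return out


def demo() -> dict:
    """Run both loaders over constructed inputs and report what each accepted."""
    # Constructed sample: ordinary metadata a pipeline might carry.  The
    # complex value forces a builtins.complex global lookup, exercising the
    # allow-list on the benign path.
    benign = {
        "image_id": "case-001",
        "meta" + PICKLE_SUFFIX: pickle.dumps(
            {"spacing": (1.0, 1.0, 2.5), "phase": 1 + 0j}
        ),
    }
    # Constructed sample naming a global outside the allow-list.  datetime.date
    # is harmless; it stands in for any class or callable the unrestricted
    # loader would resolve and invoke on the caller's behalf.
    outside = {"meta" + PICKLE_SUFFIX: pickle.dumps(datetime.date(2025, 9, 9))}

    result = {
        "unsafe_ok": pickle_operations(benign),
        "safe_ok": pickle_operations(benign, loads=restricted_loads),
        # The unrestricted loader happily resolves datetime.date ...
        "unsafe_outside": pickle_operations(outside),
    }
    # ... while the restricted loader stops at find_class().
    try:
        pickle_operations(outside, loads=restricted_loads)
        result["safe_rejected"] = False
    except pickle.UnpicklingError:
        result["safe_rejected"] = True
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The `find_class` allow-list is the standard hardening from the Python documentation, and it is a containment measure rather than a cure: pickle was never designed to parse untrusted input, so the stronger fix for a suffix-triggered `pickle.loads()` is not to unpickle data that crosses a trust boundary at all and to carry such values in a data-only format instead.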
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| monai | medical_open_network_for_ai | <= 1.5.0 | — |
| project-monai | monai | <= 1.5.0 | — |
| project-monai | monai | >= 0 < 1.5.1 | 1.5.1 |
GHSA
Monai: Unsafe use of Pickle deserialization may lead to RCE
ghsa · 2025-09-09
CVE-2025-58757 [HIGH] CWE-502
>To prevent this report from being deemed inapplicable or out of scope, due to the project's unique nature (for medical applications) and widespread popularity (6k+ stars), it's important to pay attention to some of the project's inherent security issues. (This is because medical professionals may not pay enough attention to security issues when using this project, leading to attacks on services or local machines.)
### Summary
The `pickle_operations` function in `monai/data/utils.py` automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using `pickle.loads()`. This function also lacks any security measures.
When verified using the following proof-of-concept, arbitrary code e
OSV
Monai: Unsafe use of Pickle deserialization may lead to RCE
osv · 2025-09-09
CVE-2025-58757 [HIGH]
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.