CVE-2025-58755
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-09-19
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| monai | medical_open_network_for_ai | up to and including 1.5.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a high-severity path traversal issue in the MONAI project related to the use of the zip_file.extractall(output_dir) function. The extraction process does not properly sanitize file paths inside ZIP archives, allowing attackers to craft malicious ZIP files with directory traversal sequences (like ../../../../../etc/passwd). When extracted, these files can overwrite arbitrary system files outside the intended directory, potentially leading to system compromise. [1]
How can this vulnerability impact me?
The vulnerability can have severe impacts including overwriting critical system files, injecting malicious SSH keys, or placing files that execute automatically on system boot. This can lead to system compromise, denial of service, or persistent unauthorized access. Since the project allows downloading ZIP content via URLs, remote exploitation is possible, increasing the risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for extraction of ZIP files containing path traversal sequences such as '../../' in file paths. You can inspect ZIP files before extraction using commands like 'zipinfo -1 suspicious.zip' or 'unzip -l suspicious.zip' to list file paths and check for directory traversal patterns. Additionally, monitoring system logs for unexpected file writes outside intended directories or unusual modifications to critical system files may help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include validating and sanitizing ZIP file contents before extraction to ensure no path traversal sequences are present. Avoid using the vulnerable 'zip_file.extractall(output_dir)' function directly on untrusted ZIP files. Employ safer extraction methods that prevent path traversal, such as extracting files only to intended directories after checking their paths. Since no patched versions are available, restrict or monitor the download and extraction of ZIP files from untrusted sources to reduce exposure. [1]
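The "check paths, then extract" mitigation described above, as an added example written for this page (not MONAI's code): every member name is resolved against the real output directory before anything touches disk, and the archive is refused whole if any entry would land outside it. The archives are built in memory as constructed test data; the `model/weights.txt` and `/opt/constructed/absolute.txt` names are assumptions.

```python
import io
import os
import tempfile
import zipfile

class UnsafeArchiveEntry(ValueError):
    """Raised (with the offending names as args[0]) when members would escape the output dir."""

def check_zip_members(zip_file: zipfile.ZipFile, output_dir: str) -> list[str]:
    """Return member names that would land outside output_dir; nothing is written to disk.
    Names are joined to the real output directory and fully resolved, so ".." components
    and absolute names are both caught, while "a/../b.txt" (still inside) is allowed."""
    root = os.path.realpath(output_dir)
    resolved = {n: os.path.realpath(os.path.join(root, n)) for n in zip_file.namelist()}
    return [n for n, path in resolved.items() if os.path.commonpath([root, path]) != root]

def safe_extractall(zip_file: zipfile.ZipFile, output_dir: str) -> list[str]:
    """Validate every member first, then extract; returns the extracted names."""
    bad = check_zip_members(zip_file, output_dir)
    if bad:
        raise UnsafeArchiveEntry(bad)
    zip_file.extractall(output_dir)
    return zip_file.namelist()

def build_constructed_archive(entries: dict[str, bytes]) -> zipfile.ZipFile:
    """Build an in-memory ZIP from name -> bytes (constructed test data, not a real bundle)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return zipfile.ZipFile(buf)

def run_demo() -> dict:
    """Extract a benign and a hostile constructed archive into a throwaway directory."""
    benign = build_constructed_archive({"model/weights.txt": b"constructed"})
    hostile = build_constructed_archive({
        "model/weights.txt": b"constructed",
        "../../../../../etc/passwd": b"constructed",  # traversal name quoted in the advisory
        "/opt/constructed/absolute.txt": b"constructed",  # absolute name, constructed here
    })
    with tempfile.TemporaryDirectory() as out:
        extracted = safe_extractall(benign, out)
        try:
            safe_extractall(hostile, out)
            rejected = []  # not reached: the whole archive is refused, nothing partial is written
        except UnsafeArchiveEntry as exc:
            rejected = exc.args[0]
        return {"extracted": extracted, "rejected": rejected, "written": sorted(os.listdir(out))}
```

Refusing the whole archive rather than skipping bad entries keeps a partially written bundle from being loaded later; the check itself can also be run on a download before any extraction is attempted.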