CVE-2025-58757
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-09-19
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| monai | medical_open_network_for_ai | up to and including 1.5.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58757 is a critical remote code execution vulnerability in the MONAI medical imaging framework. The `pickle_operations` function in `monai/data/utils.py` automatically deserializes the values of dictionary entries whose keys end with a specific suffix, using Python's unsafe `pickle.loads()` without any security checks. An attacker can therefore craft malicious serialized data that, when processed by MONAI, executes arbitrary system commands on the victim's machine. [1]
How can this vulnerability impact me?
This vulnerability can allow attackers to remotely execute arbitrary code on systems running vulnerable versions of MONAI without requiring any privileges. This can lead to full system compromise, data theft, data corruption, or disruption of services. The attack can be triggered during batch data processing or when loading serialized files from untrusted sources, making it a severe security risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unexpected commands executed as a result of deserialization in MONAI's data processing. Specifically, look for suspicious files or artifacts created by malicious payloads, such as unexpected files like /tmp/hacker1.txt. You can check for such files using commands like `ls -l /tmp/hacker1.txt`. Additionally, monitoring logs or tracing calls to the `pickle_operations` function in `monai/data/utils.py` during data loading or batch processing may help identify exploitation attempts. Because the vulnerability is triggered when a crafted pickle payload is deserialized, scanning incoming serialized data for suspicious content or untrusted origins is also recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include verifying the source and contents of any data before deserializing it with MONAI and avoiding loading serialized data from untrusted or external sources. Replace or avoid using the unsafe `pickle.loads()` deserialization in the `pickle_operations` function. Consider implementing secure deserialization alternatives or validation mechanisms to prevent execution of malicious payloads. Since no fixed versions are currently available, restricting network access to MONAI services and limiting user interaction with untrusted data can reduce risk. [1]
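The scanning and validation suggested in the detection and mitigation answers above can be done without ever unpickling the data, by reading the pickle opcode stream with the standard-library `pickletools` module. This is an added example, not MONAI's code or a fix from the advisory. It assumes the affected values are `bytes` stored under dictionary keys ending in a suffix; `_example_suffix`, the function names and the sample batch are constructed placeholders, because this page does not name the real suffix.

```python
import pickle
import pickletools

def find_imports(blob):
    """List every 'module.name' a pickle would import on load, without loading it."""
    imports, strings = [], []
    for op, arg, _pos in pickletools.genops(blob):
        if op.name in ("GLOBAL", "INST"):        # arg is "module name"
            imports.append(arg.replace(" ", ".", 1))
        elif op.name == "STACK_GLOBAL":          # module and name were pushed as strings
            imports.append(".".join(strings[-2:]))
        elif isinstance(arg, str):
            strings.append(arg)
    return imports

def scan_batch(data, suffix, path="batch"):
    """Walk nested dicts/lists and report bytes values stored under keys ending in
    suffix whose pickle stream imports anything (plain data needs no imports)."""
    findings = []
    if isinstance(data, dict):
        for key, value in data.items():
            here = f"{path}[{key!r}]"
            if isinstance(key, str) and key.endswith(suffix) and isinstance(value, bytes):
                try:
                    imports = find_imports(value)
                except Exception as exc:         # truncated or malformed stream
                    imports = [f"<unparseable: {type(exc).__name__}>"]
                if imports:
                    findings.append((here, imports))
            else:
                findings.extend(scan_batch(value, suffix, here))
    elif isinstance(data, (list, tuple)):
        for i, item in enumerate(data):
            findings.extend(scan_batch(item, suffix, f"{path}[{i}]"))
    return findings

# Constructed sample input. SUFFIX is a placeholder; the page does not name the real one.
SUFFIX = "_example_suffix"
PLAIN_PICKLE = pickle.dumps({"spacing": [1.0, 1.0], "id": 7})
CALLING_PICKLE = b"cos\ngetcwd\n(tR."   # would import os.getcwd and call it on load
SAMPLE_BATCH = [
    {"image": "scan_001", "meta" + SUFFIX: PLAIN_PICKLE},
    {"image": "scan_002", "meta" + SUFFIX: CALLING_PICKLE},
]

if __name__ == "__main__":
    for location, imports in scan_batch(SAMPLE_BATCH, SUFFIX):
        print(f"REJECT {location}: imports {imports}")
```

Treat any non-empty result as a reason to reject or manually review the value before the batch reaches MONAI. Legitimate data that needs specific classes would require an explicit allow-list of imports instead of this plain-data-only policy.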