CVE-2025-58757
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-09

Last updated on: 2025-09-19

Assigner: GitHub, Inc.

Description
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the `pickle_operations` function in `monai/data/utils.py` automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using `pickle.loads()` . This function also lacks any security measures. The deserialization may lead to code execution. As of time of publication, no known fixed versions are available.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-09
Last Modified
2025-09-19
Generated
2026-06-16
AI Q&A
2025-09-09
EPSS Evaluated
2026-06-15
NVD
CVE-2025-58757
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
monai medical_open_network_for_ai to 1.5.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-58757 is a critical remote code execution vulnerability in the MONAI medical imaging framework. It occurs because the `pickle_operations` function in `monai/data/utils.py` automatically deserializes dictionary key-value pairs ending with a specific suffix using Python's unsafe `pickle.loads()` without any security checks. This allows an attacker to craft malicious serialized data that, when processed by MONAI, executes arbitrary system commands on the victim's machine. [1]

Impact Analysis

This vulnerability can allow attackers to remotely execute arbitrary code on systems running vulnerable versions of MONAI without requiring any privileges. This can lead to full system compromise, data theft, data corruption, or disruption of services. The attack can be triggered during batch data processing or when loading serialized files from untrusted sources, making it a severe security risk. [1]

Detection Guidance

This vulnerability can be detected by monitoring for execution of unexpected commands triggered by deserialization in MONAI's data processing. Specifically, look for suspicious files or artifacts created by malicious payloads, such as the creation of unexpected files like /tmp/hacker1.txt. You can check for such files using commands like `ls -l /tmp/hacker1.txt`. Additionally, monitoring logs or tracing calls to the `pickle_operations` function in `monai/data/utils.py` during data loading or batch processing may help identify exploitation attempts. Since the vulnerability triggers on deserialization of crafted pickle payloads, scanning incoming serialized data for suspicious or untrusted sources is also recommended. [1]

Mitigation Strategies

Immediate mitigation steps include verifying the source and contents of any data before deserializing it with MONAI, avoiding loading serialized data from untrusted or external sources. Replace or avoid using the unsafe `pickle.loads()` deserialization in the `pickle_operations` function. Consider implementing secure deserialization alternatives or validation mechanisms to prevent execution of malicious payloads. Since no fixed versions are currently available, restricting network access to MONAI services and limiting user interaction with untrusted data can reduce risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-58757. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart