CVE-2025-58755

Name of the Vulnerable Software and Affected Versions: MONAI versions prior to 1.5.1

Description: MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The extractall function zip file.extractall(output dir) is used directly to process compressed files throughout the project. When processing a Zip file containing malicious content, the function overwrites system files. The project also allows downloading of zip content, increasing the scope of exploitation.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.