PT-2025-36533 · Monai · Monai

H3Rrr · Published 2025-09-08 · Updated 2025-09-14 · CVE-2025-58757

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

MONAI versions up to and including 1.5.0

Description

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The pickle operations function in monai/data/utils.py automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using pickle.loads(). This function lacks security measures, and the deserialization process can lead to code execution. The vulnerability can be triggered when processing malicious dataset content or loading serialized files from untrusted sources. The attacker creates malicious dataset content and the system automatically calls pickle operations to handle the serialization transformations, leading to the execution of malicious code.

Recommendations

MONAI versions prior to 1.6.0 are affected. As a temporary workaround, consider restricting access to the pickle operations function until a patch is available. Verify the data source and content before deserializing. Use a safe deserialization method.
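One way to apply the "safe deserialization" recommendation to suffix-keyed dictionary values is an allowlisting unpickler, shown here as an added example that is not MONAI's code or its fix. `KEY_SUFFIX`, `load_suffixed`, `is_rejected` and the sample records are hypothetical names and constructed data; the page does not name the real suffix.

```python
import io
import pickle
from collections import OrderedDict

KEY_SUFFIX = "_serialized"  # hypothetical placeholder; the page does not name the suffix
# Globals a payload may reference. Plain dict/list/str/int/bytes need none.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # Called for every global a pickle stream references; refuse by default.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global: {module}.{name}")

def load_suffixed(data):
    """Decode bytes values under suffixed keys with the restricted unpickler."""
    out = {}
    for key, value in data.items():
        if isinstance(key, str) and key.endswith(KEY_SUFFIX) and isinstance(value, bytes):
            value = RestrictedUnpickler(io.BytesIO(value)).load()
        out[key] = value
    return out

def is_rejected(data):
    """True when any suffixed value references a global outside the allowlist."""
    try:
        load_suffixed(data)
    except pickle.UnpicklingError:
        return True
    return False

class _CallsOnLoad:
    # Constructed sample: unpickling this stream asks the loader to call abs(-1).
    def __reduce__(self):
        return (abs, (-1,))

# Constructed sample records (not real MONAI data).
BENIGN = {"image": "scan_001", "image" + KEY_SUFFIX: pickle.dumps(OrderedDict(flip=0))}
UNTRUSTED = {"image": "scan_002", "image" + KEY_SUFFIX: pickle.dumps(_CallsOnLoad())}

if __name__ == "__main__":
    print(load_suffixed(BENIGN))   # suffixed value decoded to an OrderedDict
    print(is_rejected(UNTRUSTED))  # stream referencing builtins.abs is refused
```

The allowlist only narrows what a stream can reach, so every entry added to it needs review; where the content allows, a data-only format such as JSON removes the callable lookup entirely.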

Exploit

Fix

RCE

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2025-58757
GHSA-P8CM-MM2V-GWJM
PYSEC-2025-142

Affected Products

Monai