Vulnerability Details CVE-2025-58757
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the `pickle_operations` function in `monai/data/utils.py` automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using `pickle.loads()` . This function also lacks any security measures. The deserialization may lead to code execution. As of time of publication, no known fixed versions are available.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.8%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2025-58757
-
cpe:2.3:a:monai:medical_open_network_for_ai:0.1.0
-
cpe:2.3:a:monai:medical_open_network_for_ai:0.2.0
-
cpe:2.3:a:monai:medical_open_network_for_ai:0.3.0
-
cpe:2.3:a:monai:medical_open_network_for_ai:0.4.0
-
cpe:2.3:a:monai:medical_open_network_for_ai:0.5.0
-
cpe:2.3:a:monai:medical_open_network_for_ai:0.5.1
-
cpe:2.3:a:monai:medical_open_network_for_ai:0.5.2
-
cpe:2.3:a:monai:medical_open_network_for_ai:0.5.3
-
cpe:2.3:a:monai:medical_open_network_for_ai:0.6.0
-
cpe:2.3:a:monai:medical_open_network_for_ai:0.7.0
-
cpe:2.3:a:monai:medical_open_network_for_ai:0.8.0
-
cpe:2.3:a:monai:medical_open_network_for_ai:0.8.1
-
cpe:2.3:a:monai:medical_open_network_for_ai:0.9.0
-
cpe:2.3:a:monai:medical_open_network_for_ai:0.9.1
-
cpe:2.3:a:monai:medical_open_network_for_ai:1.0.0
-
cpe:2.3:a:monai:medical_open_network_for_ai:1.0.1
-
cpe:2.3:a:monai:medical_open_network_for_ai:1.1.0
-
cpe:2.3:a:monai:medical_open_network_for_ai:1.2.0
-
cpe:2.3:a:monai:medical_open_network_for_ai:1.3.0
-
cpe:2.3:a:monai:medical_open_network_for_ai:1.3.1
-
cpe:2.3:a:monai:medical_open_network_for_ai:1.3.2
-
cpe:2.3:a:monai:medical_open_network_for_ai:1.3.3
-
cpe:2.3:a:monai:medical_open_network_for_ai:1.4.0
-
cpe:2.3:a:monai:medical_open_network_for_ai:1.4.1
-
cpe:2.3:a:monai:medical_open_network_for_ai:1.5.0