MONAI's unsafe torch usage may lead to arbitrary code execution
Description
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in model_dict = torch.load(full_path, map_location=torch.device(device), weights_only=True) in monai/bundle/scripts.py , weights_only=True is loaded securely. However, insecure loading methods still exist elsewhere in the project, such as when loading checkpoints. This is a common practice when users want to reduce training time and costs by loading pre-trained models downloaded from other platforms. Loading a checkpoint containing malicious content can trigger a deserialization vulnerability, leading to code execution. As of time of publication, no known fixed versions are available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
monaiPyPI | < 1.5.1 | 1.5.1 |
Affected products
2- Range: <= 1.5.0
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-6vm5-6jv9-rjpjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-58756ghsaADVISORY
- github.com/Project-MONAI/MONAI/commit/948fbb703adcb87cd04ebd83d20dcd8d73bf6259ghsaWEB
- github.com/Project-MONAI/MONAI/pull/8566ghsaWEB
- github.com/Project-MONAI/MONAI/security/advisories/GHSA-6vm5-6jv9-rjpjghsax_refsource_CONFIRMWEB
- github.com/pypa/advisory-database/tree/main/vulns/monai/PYSEC-2025-141.yamlghsaWEB
News mentions
0No linked articles in our index yet.