VYPR
High severity · NVD Advisory · Published Sep 8, 2025 · Updated Sep 9, 2025

MONAI's unsafe use of Pickle deserialization may lead to RCE

CVE-2025-58757

Description

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the pickle_operations function in monai/data/utils.py automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using pickle.loads(). This function also lacks any security measures. The deserialization may lead to code execution. As of time of publication, no known fixed versions are available.
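A defensive sketch of the pattern described above, added here as an illustration and not taken from MONAI's code: it walks a nested dictionary, decodes byte values stored under keys with a given suffix, and uses an unpickler that refuses every global lookup, so only plain data can be rebuilt. The suffix `_blob`, the function names and the sample batches are assumptions constructed for this example.

```python
import io
import pickle

SUFFIX = "_blob"  # assumed suffix; the advisory does not name the real one


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that rejects every global lookup, so only plain containers,
    strings, numbers, bytes and None can be reconstructed."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def restricted_loads(blob: bytes):
    """Deserialize a blob without resolving any class or function."""
    return NoGlobalsUnpickler(io.BytesIO(blob)).load()


def decode_suffixed(data, suffix=SUFFIX):
    """Walk nested dicts/lists and decode bytes stored under suffixed keys."""
    if isinstance(data, dict):
        out = {}
        for key, value in data.items():
            if str(key).endswith(suffix) and isinstance(value, bytes):
                out[key] = restricted_loads(value)
            else:
                out[key] = decode_suffixed(value, suffix)
        return out
    if isinstance(data, (list, tuple)):
        return [decode_suffixed(v, suffix) for v in data]
    return data


def is_rejected(batch) -> bool:
    """True if decoding the batch is refused by the restricted unpickler."""
    try:
        decode_suffixed(batch)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed samples: a plain-data blob, and a blob that merely references
# a builtin function (harmless, but it requires a global lookup to load).
BENIGN = {"image": [1, 2], "ops_blob": pickle.dumps([{"name": "flip", "axis": 0}])}
REFERENCES_GLOBAL = {"nested": {"ops_blob": pickle.dumps(len)}}
```

Blocking globals prevents object construction during loading; where the stored values allow it, a data-only format such as JSON removes the pickle parser from the trust boundary altogether.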

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
monai (PyPI) | < 1.5.1 | 1.5.1
