CVE-2025-58757 HIGH

CVE-2025-58757: MONAI's unsafe use of Pickle deserialization may lead to RCE

Vendor Project-Monai

Product MONAI

Weakness CWE-502 · Unsafe deserialization

Published September 8, 2025

Last update September 9, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the `pickle_operations` function in `monai/data/utils.py` automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using `pickle.loads()` . This function also lacks any security measures. The deserialization may lead to code execution. As of time of publication, no known fixed versions are available.

Key dates

02Disclosure timeline

September 8, 2025 CVE published

September 9, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-58757

Related vulnerabilities

04Related CVE

CVE-2026-39555 WordPress Askka theme <= 1.3.1 - PHP Object Injection vulnerability CVE-2025-47532 WordPress CoinPayments.net Payment Gateway for WooCommerce plugin <= 1.0.17 - PHP Object Injection Vulnerability CVE-2024-34433 WordPress One Click Demo Import plugin <=3.2.0 - PHP Object Injection vulnerability CVE-2026-0859 TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool CVE-2024-23512 WordPress ProductX – Gutenberg WooCommerce Blocks Plugin <= 3.1.4 is vulnerable to PHP Object Injection