4 matches found
2404-segmentation-pipeline (>=0.1.0 <=1.0.0), abdomenatlas (>=0.1.0 <=0.1.1) +43 more potentially affected by CVE-2025-58757 via monai (>=1.0.0 <=1.5.0)
monai PYPI version =1.0.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =0.0.1, =2.0.1, =0.1.5, =0.4.2, =1.0.12, =0.0.5, =0.0.6 - emphysemaseg =0.1.0 and more Source cves: CVE-2025-58757 Source advisory: SNYK:PYTHON-MONAI-12670797...
2404-segmentation-pipeline (>=0.1.0 <=1.0.0), abdomenatlas (>=0.1.0 <=0.1.1) +57 more potentially affected by CVE-2025-58757 via monai (>=0.4.0 <=1.5.0)
monai PYPI version =0.4.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =0.0.1, =2.0.1, =0.1.5, =0.4.2, =0.1.0, =1.0.12, =1.2.7 - dicom2hdf =0.9.9 - disjoint-generation =1.0.0 - edge-research-pipeline =0.1.2 and more Source cves: CVE-2025-58757 Source advisory: OSV:GHSA-P8CM-MM2V-GWJM...
2404-segmentation-pipeline (>=0.1.0 <=1.0.0), abdomenatlas (>=0.1.0 <=0.1.1) +57 more potentially affected by CVE-2025-58757 via monai (>=0.4.0 <=1.5.1)
monai PYPI version =0.4.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =0.0.1, =2.0.1, =0.1.5, =0.4.2, =0.1.0, =1.0.12, =1.2.7 - dicom2hdf =0.9.9 - disjoint-generation =1.0.0 - edge-research-pipeline =0.1.2 and more Source cves: CVE-2025-58757 Source advisory: OSV:PYSEC-2025-142...
CVE-2025-58757 MONAI's unsafe use of Pickle deserialization may lead to RCE
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the pickle_operations function in monai/data/utils.py automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using pickle.loads. This...