64 matches found
PYSEC-2025-142
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the pickle_operations function in monai/data/utils.py automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using pickle.loads. This...
PYSEC-2025-140
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The extractall function zip_file.extractall(output_dir) is used directly to process compressed files. It is used in many places in the project. In versions up to and including 1.5.0, when the Zip file containing malicious...
CVE-2025-58755
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The extractall function zip_file.extractall(output_dir) is used directly to process compressed files. It is used in many places in the project. In versions up to and including 1.5.0, when the Zip file containing malicious...
CVE-2025-58757
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the pickle_operations function in monai/data/utils.py automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using pickle.loads. This...
2404-segmentation-pipeline (>=0.1.0 <=1.0.0), abdomenatlas (>=0.1.0 <=0.1.1) +57 more potentially affected by CVE-2025-58755 via monai (>=0.4.0 <=1.5.1)
monai PYPI version =0.4.0, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.0.0, =0.0.1, =2.0.1, =0.1.5, =0.4.2, =0.1.0, =1.0.12, =1.2.7 - dicom2hdf =0.9.9 - disjoint-generation =1.0.0 - edge-research-pipeline =0.1.2 and more Source cves: CVE-2025-58755 Source advisory: OSV:PYSEC-2025-140...
MONAI security vulnerability
MONAI is a medical imaging AI toolkit open-sourced by Project MONAI. A security vulnerability exists in MONAI 1.5.0 and earlier versions, which stems from mishandling of the pickle_operations function and could lead to a deserialization vulnerability and code execution...
MONAI path traversal vulnerability
MONAI is a medical imaging AI toolkit open-sourced by Project MONAI. A path traversal vulnerability exists in MONAI 1.5.0 and earlier versions, which stems from improper handling of the extractall function and can lead to system file overwrites...
MONAI code issue vulnerability
MONAI is a medical imaging AI toolkit open-sourced by Project MONAI. A code issue vulnerability exists in MONAI 1.5.0 and prior versions that stems from an insecure loading method that could lead to a deserialization vulnerability and code execution...
CVE-2025-58757 MONAI's unsafe use of Pickle deserialization may lead to RCE
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the pickle_operations function in monai/data/utils.py automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using pickle.loads. This...
CVE-2025-58757
MONAI 1.5.0 and earlier are affected by an unsafe deserialization vulnerability in monai/data/utils.py: pickle_operations deserializes dictionary values with a specific suffix using pickle.loads() without validation, enabling arbitrary code execution. The CVE describes potential RCE confirmed by ...
CVE-2025-58756
MONAI (Medical Open Network for AI) vulnerability CVE-2025-58756 involves insecure deserialization during model loading. The code path in monai/bundle/scripts.py uses torch.load with weights_only=True for certain loads, but other loading paths can deserialize untrusted content from checkpoints, ...
CVE-2025-58756 MONAI's unsafe torch usage may lead to arbitrary code execution
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in model_dict = torch.load(full_path, map_location=torch.device(device), weights_only=True) in monai/bundle/scripts.py, weights_only=True is loaded securely. However, insecure loading method...
CVE-2025-58755 MONAI has path traversal issue that may lead to arbitrary file writes
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The extractall function zip_file.extractall(output_dir) is used directly to process compressed files. It is used in many places in the project. In versions up to and including 1.5.0, when the Zip file containing malicious...
CVE-2025-58755
MONAI v1.5.0 and earlier is vulnerable to a path traversal/Zip Slip issue caused by using zip_file.extractall(output_dir) to extract archives. A crafted zip can overwrite arbitrary files on the target system when decompressed, as demonstrated by reports and security advisories referencing this be...