69 matches found
CVE-2025-58756 MONAI's unsafe torch usage may lead to arbitrary code execution
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in model_dict = torch.load(full_path, map_location=torch.device(device), weights_only=True) in monai/bundle/scripts.py, weights_only=True is loaded securely. However, insecure loading method...
CVE-2025-58755 MONAI has path traversal issue that may lead to arbitrary file writes
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The extractall function zip_file.extractall(output_dir) is used directly to process compressed files. It is used in many places in the project. In versions up to and including 1.5.0, when the Zip file containing malicious...
CVE-2025-58755
MONAI v1.5.0 and earlier is vulnerable to a path traversal/Zip Slip issue caused by using zip_file.extractall(output_dir) to extract archives. A crafted zip can overwrite arbitrary files on the target system when decompressed, as demonstrated by reports and security advisories referencing this be...
CVE-2025-58757
creationtimestamp | type | source
---|---|---
2025-09-08 17:40:17+00:00 | published-proof-of-concept | https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-p8cm-mm2v-gwjm...
PT-2025-36533
Name of the Vulnerable Software and Affected Versions: MONAI versions up to and including 1.5.0
Description: MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The pickle_operations function in monai/data/utils.py automatically handles dictionary key-value pairs ending wi...
PT-2025-36532
Name of the Vulnerable Software and Affected Versions: MONAI versions up to and including 1.5.0
Description: MONAI is an AI toolkit for health care imaging. The software contains insecure model loading methods that can trigger a deserialization vulnerability, potentially leading to code execution...
PT-2025-36531
Name of the Vulnerable Software and Affected Versions: MONAI versions prior to 1.5.1
Description: MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The extractall function zip_file.extractall(output_dir) is used directly to process compressed files throughout the project...