6 matches found
CVE-2025-58755
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The extractall function zip_file.extractall(output_dir) is used directly to process compressed files. It is used in many places in the project. In versions up to and including 1.5.0, when the Zip file containing malicious...
Zip Slip
Overview: monai is an AI Toolkit for Healthcare Imaging. Affected versions of this package are vulnerable to Zip Slip via the use of zip_file.extractall(output_dir). An attacker can overwrite arbitrary files on the system by supplying a crafted zip archive containing files with path traversal sequences...
PYSEC-2025-142
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the pickle_operations function in monai/data/utils.py automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using pickle.loads. This...
CVE-2025-58755
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The extractall function zip_file.extractall(output_dir) is used directly to process compressed files. It is used in many places in the project. In versions up to and including 1.5.0, when the Zip file containing malicious...
CVE-2025-58757
MONAI 1.5.0 and earlier are affected by an unsafe deserialization vulnerability in monai/data/utils.py: pickle_operations deserializes dictionary values with a specific suffix using pickle.loads() without validation, enabling arbitrary code execution. The CVE describes potential RCE confirmed by ...
CVE-2025-58755
MONAI v1.5.0 and earlier is vulnerable to a path traversal/Zip Slip issue caused by using zip_file.extractall(output_dir) to extract archives. A crafted zip can overwrite arbitrary files on the target system when decompressed, as demonstrated by reports and security advisories referencing this be...