
We found results for “”
CVE-2025-58757
Good to know:


Date: September 8, 2025
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the "pickle_operations" function in "monai/data/utils.py" automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using "pickle.loads()" . This function also lacks any security measures. The deserialization may lead to code execution. As of time of publication, no known fixed versions are available.
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Deserialization of Untrusted Data
CWE-502Top Fix

CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |