CVE-2025-58757 — Monai: Unsafe use of Pickle deserialization may lead to RCE

Description

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the `pickle_operations` function in `monai/data/utils.py` automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using `pickle.loads()` . This function also lacks any security measures. The deserialization may lead to code execution. As of time of publication, no known fixed versions are available.

How to fix CVE-2025-58757

To remediate CVE-2025-58757, upgrade the affected package to a fixed version below.

—upgrade to 1.5.1 or later
—upgrade to 1.5.1rc1 or later

Is CVE-2025-58757 being exploited?

Low — EPSS is 1.4%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 1.5.1
from 0, < 1.5.1rc1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (6)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2025-58757
PATCHgithub.com/Project-MONAI/MONAI
WEBgithub.com/Project-MONAI/MONAI/commit/948fbb703adcb87cd04ebd83d20dcd8d73bf6259
WEBgithub.com/Project-MONAI/MONAI/pull/8566