Cyber Resilience

CVE-2025-58755

HighPublic PoC

Published: 09 September 2025

Published
09 September 2025
Modified
19 September 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0021 43.7th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-58755 is a high-severity Path Traversal (CWE-22) vulnerability in Monai Medical Open Network For Ai. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Compromise Host Software Binary (T1554); ranked at the 43.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Computer Vision; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-58755 is a path traversal vulnerability (CWE-22) in MONAI, an open-source AI toolkit for healthcare imaging. In versions up to and including 1.5.0, the project directly invokes the `zip_file.extractall(output_dir)` function without path sanitization in multiple locations to process compressed files. This allows malicious ZIP archives to overwrite arbitrary system files during decompression. The CVSS v3.1 base score is 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), reflecting high severity due to network accessibility and significant impacts.

An attacker with low privileges, such as an authenticated user, can exploit this over the network by providing a specially crafted ZIP file containing paths that traverse to system directories. The project's support for downloading ZIP content via links further broadens the attack surface, enabling remote supply of malicious files. Successful exploitation overwrites critical system files, potentially granting full control over the affected system with high confidentiality, integrity, and availability impacts.

The primary advisory is available at https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-x6ww-pf9m-m73m. As of the CVE publication on 2025-09-09, no fixed versions are available, so mitigation requires avoiding processing untrusted ZIP files with MONAI's extractall functionality until patches are released.

EU & UK References

Vulnerability details

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The extractall function `zip_file.extractall(output_dir)` is used directly to process compressed files. It is used in many places in the project. In versions up to and including…

more

1.5.0, when the Zip file containing malicious content is decompressed, it overwrites the system files. In addition, the project allows the download of the zip content through the link, which increases the scope of exploitation of this vulnerability. As of time of publication, no known fixed versions are available.

CWE(s)

AI Security AnalysisAI

AI Category
Computer Vision
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1554 Compromise Host Software Binary Persistence
Adversaries may modify host software binaries to establish persistent access to systems.
T1685 Disable or Modify Tools Defense Impairment
Adversaries may disable, degrade, or tamper with security tools or applications (e.
T1565.001 Stored Data Manipulation Impact
Adversaries may insert, delete, or manipulate data at rest in order to influence external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

The ZIP extraction vulnerability enables path traversal leading to arbitrary overwrite of system files, facilitating compromise of host software binaries (T1554), disabling or modifying security tools via file overwrite (T1562.001), and stored data manipulation (T1565.001).

CVEs Like This One

CVE-2025-58757Same product: Monai Medical Open Network For Ai
CVE-2025-58756Same product: Monai Medical Open Network For Ai
CVE-2025-25371Shared CWE-22
CVE-2024-7776Shared CWE-22
CVE-2026-20613Shared CWE-22
CVE-2026-45224Shared CWE-22
CVE-2025-1785Shared CWE-22
CVE-2026-35177Shared CWE-22
CVE-2024-7034Shared CWE-22
CVE-2026-30290Shared CWE-22

Affected Assets

monai
medical open network for ai
≤ 1.5.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of file paths in ZIP inputs to prevent path traversal exploitation during extraction that overwrites system files.

prevent

Mandates timely identification, reporting, and remediation of flaws like the unsafe zip_file.extractall function in MONAI versions up to 1.5.0.

detect

Enforces integrity verification of software and files to identify unauthorized overwrites resulting from malicious ZIP decompression.

References