CVE-2025-58757
Published: 09 September 2025
Summary
CVE-2025-58757 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Monai Medical Open Network For Ai. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Python (T1059.006); ranked in the top 25.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Computer Vision; in the Data-Related Vulnerabilities risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires validation of untrusted dictionary inputs to the pickle_operations function, directly preventing deserialization of malicious payloads leading to code execution.
Mandates timely flaw remediation, including patching the unsafe pickle deserialization vulnerability in MONAI versions up to 1.5.0 when fixes become available.
Vulnerability scanning and monitoring identifies the deserialization flaw in MONAI deployments, enabling proactive mitigation.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The unsafe pickle deserialization in MONAI's data processing enables arbitrary code execution when processing attacker-controlled data, facilitating Python code execution (T1059.006) and exploitation of client software vulnerabilities (T1203).
NVD Description
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the `pickle_operations` function in `monai/data/utils.py` automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using…
more
`pickle.loads()` . This function also lacks any security measures. The deserialization may lead to code execution. As of time of publication, no known fixed versions are available.
Deeper analysisAI
CVE-2025-58757 is a deserialization vulnerability in MONAI, an open-source AI toolkit for healthcare imaging. It affects versions up to and including 1.5.0, specifically the `pickle_operations` function in `monai/data/utils.py`. This function automatically processes dictionary key-value pairs ending with a specific suffix by deserializing them via `pickle.loads()` without any security checks, potentially leading to arbitrary code execution. The flaw is categorized as CWE-502 (Deserialization of Untrusted Data) and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
Exploitation requires network access with low attack complexity and no privileges, but user interaction is necessary, such as convincing a user to load a malicious dictionary input into the affected function. An attacker could achieve high-impact effects on confidentiality, integrity, and availability, including remote code execution on the target system processing the data.
The primary advisory at https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-p8cm-mm2v-gwjm confirms the issue, and as of publication on 2025-09-09, no fixed versions of MONAI are available. Practitioners should avoid processing untrusted data with the `pickle_operations` function and monitor the Project-MONAI GitHub repository for patches or workarounds.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Computer Vision
- Risk Domain
- Data-Related Vulnerabilities
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- MONAI is an AI toolkit specialized for healthcare imaging, which involves computer vision tasks such as medical image processing and analysis.