CVE 8.8 HIGH

MONAI’s unsafe torch usage may lead to arbitrary code execution_CVE-2025-58756

September 8, 2025 invoker category_cve
8.8 / 10
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in `model_dict = torch.load(full_path, map_location=torch.device(device), weights_only=True)` in monai/bundle/scripts.py , `weights_only=True` is loaded securely. However, insecure loading methods still exist elsewhere in the project, such as when loading checkpoints. This is a common practice when users want to reduce training time and costs by loading pre-trained models downloaded from other platforms. Loading a checkpoint containing malicious content can trigger a deserialization vulnerability, leading to code execution. As of time of publication, no known fixed versions are available.

AI Analysis

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, insecure loading methods exist when loading checkpoints, which can trigger a deserialization vulnerability leading to code execution.

Basic Information

ID CVE-2025-58756
Source GitHub_M
Published Sep 8, 2025 at 23:39

Affected Product

Vendor Project-MONAI
Product MONAI
Version <= 1.5.0
Affected Versions Project-MONAI MONAI <= 1.5.0

CWE Classification

CWE-502

AI Assessment

AI Score 8.8 / 10
AI Severity HIGH
Vendor Project-MONAI
Product MONAI
Version <= 1.5.0

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.