Description

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The extractall function `zip_file.extractall(output_dir)` is used directly to process compressed files. It is used in many places in the project. In versions up to and including 1.5.0, when the Zip file containing malicious content is decompressed, it overwrites the system files. In addition, the project allows the download of the zip content through the link, which increases the scope of exploitation of this vulnerability. As of time of publication, no known fixed versions are available.

INFO

Published Date :

2025-09-08T23:35:41.506Z

Last Modified :

2025-09-09T13:29:04.890Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-58755 vulnerability.

Vendors Products
Monai
  • Medical Open Network For Ai
  • Monai
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-58755.

URL Resource
https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-x6ww-pf9m-m73m cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact