Description

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in `model_dict = torch.load(full_path, map_location=torch.device(device), weights_only=True)` in monai/bundle/scripts.py , `weights_only=True` is loaded securely. However, insecure loading methods still exist elsewhere in the project, such as when loading checkpoints. This is a common practice when users want to reduce training time and costs by loading pre-trained models downloaded from other platforms. Loading a checkpoint containing malicious content can trigger a deserialization vulnerability, leading to code execution. As of time of publication, no known fixed versions are available.

INFO

Published Date :

2025-09-08T23:39:55.508Z

Last Modified :

2025-09-09T13:28:57.518Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-58756 vulnerability.

Vendors Products
Monai
  • Medical Open Network For Ai
  • Monai
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-58756.

URL Resource
https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-6vm5-6jv9-rjpj cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact