CVE-2025-58757: Monai: Unsafe use of Pickle deserialization may lead to RCE
The pickle_operations function in monai/data/utils.py automatically handles dictionary key-value pairs whose keys end with a specific suffix and deserializes their values using pickle.loads(). This function applies no security measures to the data it deserializes.
When verified using the following proof-of-concept, arbitrary code execution can occur.
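The following is an added defensive example, not code from MONAI or from the advisory. It models the pattern the advisory describes (a dictionary whose suffixed keys carry pickled values) and shows two mitigations a defender can apply before calling pickle.loads(): a static scan of the pickle opcode stream with the standard-library pickletools module, which flags payloads that would call or instantiate objects during load without executing them, and a restricted Unpickler whose find_class() refuses every global import. The suffix constant PICKLE_KEY_SUFFIX and the restore_pickled_values() helper are assumptions for illustration; the real MONAI constant and key handling are not given on this page.

```python
import io
import pickle
import pickletools
from typing import Any, Dict, List, Tuple

# Assumed suffix for illustration; the real MONAI suffix is not stated on this page.
PICKLE_KEY_SUFFIX = "_pickled"

# Opcodes that import a global or invoke a callable/constructor while loading.
# Plain containers of ints, floats, str and bytes never need them.
DANGEROUS_OPCODES = {
    "GLOBAL", "STACK_GLOBAL", "REDUCE", "BUILD",
    "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX",
}


def scan_pickle(payload: bytes) -> List[str]:
    """Return the risky opcodes present in payload, in order, without executing it."""
    found: List[str] = []
    for opcode, _arg, _pos in pickletools.genops(payload):
        if opcode.name in DANGEROUS_OPCODES:
            found.append(opcode.name)
    return found


def is_safe_pickle(payload: bytes) -> bool:
    """True when the opcode stream contains no import/call opcodes."""
    try:
        return not scan_pickle(payload)
    except (ValueError, pickle.UnpicklingError):
        # A truncated or malformed stream is treated as unsafe, not as harmless.
        return False


class RestrictedUnpickler(pickle.Unpickler):
    """Second layer: refuse every global lookup, so only primitive data can load."""

    def find_class(self, module: str, name: str) -> Any:
        raise pickle.UnpicklingError(f"refusing to resolve global {module}.{name}")


def try_restricted_load(payload: bytes) -> Tuple[str, Any]:
    """Load with the restricted unpickler; report ('ok', value) or ('rejected', reason)."""
    try:
        return ("ok", RestrictedUnpickler(io.BytesIO(payload)).load())
    except pickle.UnpicklingError as exc:
        return ("rejected", str(exc))


def safe_loads(payload: bytes) -> Any:
    """Deserialize only after the opcode scan passes, then load under the restricted unpickler."""
    risky = scan_pickle(payload)
    if risky:
        raise pickle.UnpicklingError(f"payload contains risky opcodes: {risky}")
    status, result = try_restricted_load(payload)
    if status != "ok":
        raise pickle.UnpicklingError(result)
    return result


def restore_pickled_values(data: Dict[str, Any]) -> Dict[str, Any]:
    """Hardened stand-in for the suffix-driven restore step (assumed key handling:
    the suffix is stripped from the key and the unpickled value stored under it)."""
    restored: Dict[str, Any] = {}
    for key, value in data.items():
        if key.endswith(PICKLE_KEY_SUFFIX) and isinstance(value, bytes):
            restored[key[: -len(PICKLE_KEY_SUFFIX)]] = safe_loads(value)
        else:
            restored[key] = value
    return restored


if __name__ == "__main__":
    import datetime  # used only to build a constructed non-primitive payload

    # Constructed inputs: one primitive payload, one that needs a global + REDUCE.
    plain = pickle.dumps({"shape": [2, 3], "label": "ct"})
    object_payload = pickle.dumps(datetime.date(2025, 1, 1))

    print("plain payload risky opcodes:", scan_pickle(plain))
    print("object payload risky opcodes:", scan_pickle(object_payload))
    print("restricted load of object payload:", try_restricted_load(object_payload))
    print("restored dict:", restore_pickled_values({"meta_pickled": plain, "id": 7}))
```

The scan is the cheap gate (it never runs the stream), and the restricted Unpickler is defense in depth in case the scan is bypassed or a legitimate class is later allowlisted; in a real codebase the safest fix is to avoid pickle for untrusted data entirely and serialize arrays and metadata with a format that carries no code.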
References
- github.com/Project-MONAI/MONAI/commit/948fbb703adcb87cd04ebd83d20dcd8d73bf6259
- github.com/Project-MONAI/MONAI/pull/8566
- github.com/Project-MONAI/MONAI/security/advisories/GHSA-p8cm-mm2v-gwjm
- github.com/advisories/GHSA-p8cm-mm2v-gwjm
- github.com/pypa/advisory-database/tree/main/vulns/monai/PYSEC-2025-142.yaml
- nvd.nist.gov/vuln/detail/CVE-2025-58757