ГлавнаяУязвимости → CVE-2025-58757
8.8высокая

CVE-2025-58757

Описание

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, the `pickle_operations` function in `monai/data/utils.py` automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using `pickle.loads()` . This function also lacks any security measures. The deserialization may lead to code execution. As of time of publication, no known fixed versions are available.

Затрагиваемое ПО
Monai Medical open network for ai
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Источники
https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-p8cm-mm2v-gwjmhttps://github.com/Project-MONAI/MONAI/security/advisories/GHSA-p8cm-mm2v-gwjm