CVE-2025-58756: 
Python vulnerability analysis and mitigation

MONAI (Medical Open Network for AI), an AI toolkit for healthcare imaging, contains a critical vulnerability (CVE-2025-58756) discovered on September 8, 2025. The vulnerability affects versions up to and including 1.5.0, where insecure loading methods in the checkpoint loading functionality can lead to arbitrary code execution. While secure loading is implemented in some parts of the codebase using 'weights_only=True', other sections remain vulnerable, particularly when loading pre-trained models from external platforms (GitHub Advisory, NVD).

The vulnerability is classified as CWE-502 (Deserialization of Untrusted Data) with a CVSS v3.1 base score of 8.8 (HIGH). The issue stems from unsafe usage of torch.load() when loading checkpoints, particularly in the CheckpointLoader.call function. While 'weights_only=True' parameter is properly implemented in monai/bundle/scripts.py, other parts of the codebase use insecure loading methods that rely on Python's pickle module for deserialization, making it susceptible to code execution attacks (GitHub Advisory).

The vulnerability can lead to arbitrary command execution on affected systems. When loading a maliciously crafted checkpoint file, an attacker can trigger the deserialization vulnerability to execute arbitrary code. This is particularly concerning as loading pre-trained models from external platforms is a common practice to reduce training time and costs (GitHub Advisory).

As of the publication date, no fixed versions are available. The recommended mitigation is to use a safe method to load models or force 'weights_only=True' parameter when using torch.load(). Organizations should carefully validate and verify the source of any pre-trained models before loading them into their MONAI implementations (GitHub Advisory).