
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-58757 affects MONAI (Medical Open Network for AI), an AI toolkit for health care imaging, in versions up to and including 1.5.0. The vulnerability was discovered and disclosed on September 8, 2025, with the last update on September 9, 2025. The issue resides in the `pickle_operations` function within `monai/data/utils.py`, which automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using `pickle.loads()` without proper security measures (GitHub Advisory).
The vulnerability stems from unsafe use of Python's pickle deserialization functionality. The `pickle_operations` function in `monai/data/utils.py` processes dictionary key-value pairs with specific suffixes using `pickle.loads()` without implementing any security validation measures. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating network attack vector, low attack complexity, no privileges required, and user interaction required (GitHub Advisory).
The vulnerability can lead to remote code execution (RCE) when processing untrusted data. An attacker can create malicious dataset content that, when processed through MONAI's `list_data_collate` function or when loading serialized files from untrusted sources, will execute arbitrary code on the target system. This is particularly concerning given the project's use in medical applications, where security awareness among users might be lower (GitHub Advisory).
As of the publication date, no fixed versions are available. The recommended mitigation is to verify data sources and content before deserialization, or to use safe deserialization methods. An approach similar to the fix implemented in HuggingFace's transformers library is suggested (GitHub Advisory).
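As an added illustration of the mitigation (this is not MONAI's code and not the HuggingFace fix itself), the block below pairs a non-executing opcode pre-scan with a restricted `Unpickler` allowlist, wrapped in a stand-in for the suffix-driven pattern the advisory describes. The suffix `_pickled`, the allowlist contents and the sample blobs are assumptions constructed for the example.

```python
import io
import json
import pickle
import pickletools

# Hypothetical suffix standing in for the one the advisory mentions; not MONAI's value.
PICKLE_SUFFIX = "_pickled"
# Assumption: legitimate payloads are plain containers and scalars, which pickle
# encodes without any GLOBAL reference, so the allowlist can stay tiny.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


def referenced_globals(data: bytes) -> set:
    """Advisory pre-scan: (module, name) pairs the stream would import, found without
    running it. A crafted stream can hide names behind memo lookups, so enforcement
    lives in RestrictedUnpickler; use this for logging and triage of incoming data."""
    found, pushed = set(), []
    for op, arg, _ in pickletools.genops(data):
        if op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            pushed.append(arg)
        elif op.name == "GLOBAL":            # protocol <= 3: arg is "module name"
            found.add(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":      # protocol 4+: uses the two strings pushed before
            found.add((pushed[-2], pushed[-1]))
    return found


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every global not on the allowlist, so the stream cannot resolve a callable."""
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")


def safe_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def rejects(data: bytes) -> bool:
    """True when the restricted loader refuses the stream."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


def pickle_operations(data: dict, key_suffix: str = PICKLE_SUFFIX) -> dict:
    """Constructed stand-in for the suffix-driven pattern, with the restricted
    loader in place of a bare pickle.loads(); the suffix is stripped from the key."""
    out = {}
    for key, value in data.items():
        out[key[:-len(key_suffix)] if key.endswith(key_suffix) else key] = (
            safe_loads(value) if key.endswith(key_suffix) else value)
    return out


# Constructed samples: benign metadata, and a stream that merely references a stdlib function.
SAFE_BLOB = pickle.dumps({"spacing": [1.0, 1.0], "affine": (1, 0, 0)})
GLOBAL_REF_BLOB = pickle.dumps(json.dumps)
```

`referenced_globals(GLOBAL_REF_BLOB)` reports `{('json', 'dumps')}` while `SAFE_BLOB` reports nothing, and only the former is refused by `safe_loads`.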
Source: This report was generated using AI