Platform
python
Component
monai
Fixed in
1.5.1
CVE-2025-58755 is a path traversal vulnerability in MONAI, a Python-based medical imaging framework. MONAI passes downloaded or user-supplied ZIP archives directly to zipfile.extractall(output_dir) without validating the member paths, which lets an attacker who supplies a crafted archive write files outside the intended output directory and overwrite existing files with the privileges of the extracting process. The vulnerability impacts MONAI versions up to and including 1.5.0rc1, and a fix is available in version 1.5.1.
The core of the vulnerability is how MONAI extracts ZIP archives: member names are handed to extractall without being checked against the output directory. A member name carrying traversal sequences such as ../, or an absolute path, can therefore land outside the intended directory, and any file the extracting process is allowed to write can be overwritten. Because MONAI can fetch archives from remote URLs, an attacker who controls or can tamper with the download source can deliver such an archive without local access. Depending on which file is overwritten, the result ranges from corrupted data and denial of service to code execution, for example when a Python module, configuration file or startup script that the process later loads is replaced. One caveat a practitioner should know: CPython's own zipfile.extractall has stripped leading separators and ".." components from member names since Python 3.3.1, so how far a given deployment is exposed depends on the exact extraction code path and Python version. Treat archives from untrusted sources as hostile and validate member paths yourself regardless of that behaviour.
This vulnerability was publicly disclosed on 2025-09-09. There is currently no indication of active exploitation campaigns targeting this specific CVE. The vulnerability's ease of exploitation, combined with the potential for widespread impact, warrants careful attention. The lack of a public proof-of-concept (POC) does not diminish the risk, as crafting a malicious ZIP archive is relatively straightforward.
Exploit Status
EPSS: 0.12% (31st percentile)
The primary mitigation is to upgrade to MONAI 1.5.1 or later. If upgrading is not immediately feasible, reduce exposure in the meantime: fetch archives only from sources you control and verify them (a pinned URL plus a checksum or signature) before extraction; before calling extractall, resolve every member name against the output directory and reject the whole archive if any resolved path falls outside it (this also catches absolute member names and names that traverse an existing symlink); run extraction in an isolated environment such as a container or a dedicated low-privilege user, so that an escaped write cannot reach anything sensitive; and monitor sensitive directories for unexpected file creation or modification. No specific Sigma or YARA rule is readily available, so alert on file writes by the MONAI process outside its expected data and cache directories, particularly into site-packages, configuration or startup locations.
Update the MONAI library to the fixed version (1.5.1) as soon as you can. Avoid downloading and extracting ZIP files from untrusted sources. Inspect the contents of ZIP files before extracting them to detect potentially malicious paths.
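The traversal pattern described above and the member-path check recommended as a workaround, as an added example that is not MONAI's code and does not reproduce the patched function: it builds a constructed two-member archive in memory (one member named `../escaped.txt`), shows a hand-rolled extractor that trusts member names escaping the output directory, shows what CPython's own `zipfile.extractall` does with the same archive, and then validates every member's resolved path against the output directory before extracting. The function names `build_malicious_zip`, `naive_extract`, `unsafe_members`, `safe_extractall` and `demo` are this example's own, and everything runs inside a temporary directory so the escaped write cannot touch the real filesystem.

```python
import io
import os
import tempfile
import zipfile


def build_malicious_zip() -> bytes:
    """Constructed sample archive: one benign member and one whose name
    climbs out of the extraction directory. ZipInfo stores names verbatim,
    so the '../' survives into the central directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model/weights.txt", "benign")
        zf.writestr("../escaped.txt", "attacker controlled")
    return buf.getvalue()


def naive_extract(data: bytes, output_dir: str) -> list[str]:
    """The bug pattern: join each member name to output_dir and write,
    trusting the archive completely. Returns the real paths written."""
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = os.path.join(output_dir, info.filename)  # no check at all
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.realpath(target))
    return written


def unsafe_members(data: bytes, output_dir: str) -> list[str]:
    """Member names whose resolved target falls outside output_dir.
    Catches '../' segments, absolute names, and names that pass through
    an existing symlink, because realpath resolves all of them."""
    root = os.path.realpath(output_dir)
    bad = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(root, info.filename))
            if os.path.commonpath([root, target]) != root:
                bad.append(info.filename)
    return bad


def safe_extractall(data: bytes, output_dir: str) -> list[str]:
    """Hardened form: refuse the whole archive if any member escapes,
    then delegate to the standard library. Returns the extracted entries."""
    bad = unsafe_members(data, output_dir)
    if bad:
        raise ValueError(f"refusing to extract, unsafe members: {bad}")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        zf.extractall(output_dir)
    return sorted(os.listdir(output_dir))


def demo() -> dict:
    """Exercise the three paths against the sample archive in a scratch tree."""
    data = build_malicious_zip()
    with tempfile.TemporaryDirectory() as parent:
        naive_dir = os.path.join(parent, "naive")
        os.mkdir(naive_dir)
        naive_extract(data, naive_dir)
        # the escaped member landed one level above the output directory
        naive_escaped = os.path.exists(os.path.join(parent, "escaped.txt"))

        stdlib_dir = os.path.join(parent, "stdlib")
        os.mkdir(stdlib_dir)
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            zf.extractall(stdlib_dir)  # CPython >= 3.3.1 drops '..' segments
        stdlib_entries = sorted(os.listdir(stdlib_dir))

        safe_dir = os.path.join(parent, "safe")
        os.mkdir(safe_dir)
        flagged = unsafe_members(data, safe_dir)
        try:
            safe_extractall(data, safe_dir)
            refused = False
        except ValueError:
            refused = True
    return {
        "naive_escaped": naive_escaped,
        "stdlib_entries": stdlib_entries,
        "flagged": flagged,
        "refused": refused,
    }


if __name__ == "__main__":
    print(demo())
```

Rejecting the whole archive rather than skipping the bad member is deliberate: a partially extracted model directory is its own failure mode, and an archive that contains an escaping name is hostile by construction. The check is done on the resolved path (realpath plus commonpath) rather than by searching the name for "..", so encodings and symlink tricks that a string match would miss are covered too.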
CVE-2025-58755 is a Path Traversal vulnerability in MONAI versions up to 1.5.0rc1, allowing attackers to overwrite system files by exploiting the direct use of zip_file.extractall.
You are affected if you are using MONAI versions 1.5.0rc1 or earlier. Upgrade to 1.5.1 to resolve the vulnerability.
Upgrade to MONAI version 1.5.1 or later. As a temporary workaround, restrict ZIP file downloads from untrusted sources and implement strict input validation.
There is currently no indication of active exploitation campaigns targeting this specific CVE, but the vulnerability's ease of exploitation warrants caution.
Refer to the MONAI project's official security advisories and release notes for the latest information and updates regarding CVE-2025-58755.