MONAI voorkomt geen padtraversering, wat mogelijk leidt tot willekeurige bestandsschrijfbewerkingen

The core of this vulnerability lies in MONAI's handling of ZIP archives. The extractall function, without proper sanitization of the archive's contents, allows an attacker to include path traversal sequences (e.g., ../) within the ZIP file. When extracted, these sequences can overwrite critical system files, potentially leading to complete system compromise. The ability to download ZIP content remotely further expands the attack surface, enabling attackers to target a wider range of systems. This could result in data breaches, denial of service, or even remote code execution if overwritten files are involved in critical system processes.

Organizations utilizing MONAI for medical image analysis, particularly those deploying it in production environments or integrating it with other critical systems, are at risk. Environments where ZIP files are downloaded and processed without proper validation are especially vulnerable. Shared hosting environments where multiple users have access to the same file system are also at increased risk.

• python / monai:

import os
import zipfile

def check_monai_vulnerability(zip_file_path, output_dir):
    try:
        with zipfile.ZipFile(zip_file_path, 'r') as zip_ref:
            for file_info in zip_ref.infolist():
                if '..' in file_info.filename:
                    print(f"Potential Path Traversal detected in: {file_info.filename}")
                    return True
        return False
    except Exception as e:
        print(f"Error processing zip file: {e}")
        return False

# Example usage (replace with actual file path)
zip_file = 'path/to/potentially_malicious.zip'
output_directory = '/tmp/extracted_files'
if check_monai_vulnerability(zip_file, output_directory):
    print("Vulnerability likely present.")
else:
    print("No immediate vulnerability detected.")

• generic web: Check for file download endpoints that accept ZIP files. Use curl to test for path traversal attempts.

curl 'http://example.com/download.php?file=../../../../etc/passwd' -s

1. 2025-09-09Disclosure

   disclosure

1. Gereserveerd2025-09-04
2. Gepubliceerd2025-09-09
3. Gewijzigd2025-09-26
4. EPSS bijgewerkt2026-03-23

The primary mitigation is to upgrade to MONAI version 1.5.1 or later, which addresses the vulnerability. If upgrading is not immediately feasible, consider implementing temporary workarounds. One approach is to restrict the download of ZIP files from untrusted sources. Implement strict input validation and sanitization of any ZIP files before processing them. Consider using a dedicated, isolated environment for processing potentially malicious archives. Monitor system files for unexpected modifications, particularly in sensitive directories. While a specific Sigma or YARA rule isn't readily available, monitoring for unusual file creation or modification events within the MONAI installation directory is recommended.