{"data":{"id":"169dcba8-4c39-40e1-b735-5a46652a2528","title":"CVE-2025-58756: MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in ","summary":"MONAI, an AI toolkit for medical imaging, has a deserialization vulnerability (unsafe unpickling, where untrusted data is converted back into executable code) in versions up to 1.5.0 when loading pre-trained model checkpoints from external sources. While one part of the code uses secure loading (`weights_only=True`), other parts load checkpoints insecurely, allowing attackers to execute malicious code if a checkpoint contains intentionally crafted harmful data.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-58756","publishedAt":"2025-09-09T00:15:32.457Z","cveId":"CVE-2025-58756","cweIds":["CWE-502"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["model_poisoning","supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["MONAI","Medical Open Network for AI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.01229,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"model","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}