PYSEC-2025-141

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/monai/PYSEC-2025-141.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2025-141

Aliases

Published

2025-09-09T00:15:32.457Z

Modified

2026-05-20T09:19:08.703538Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. In versions up to and including 1.5.0, in model_dict = torch.load(full_path, map_location=torch.device(device), weights_only=True) in monai/bundle/scripts.py , weights_only=True is loaded securely. However, insecure loading methods still exist elsewhere in the project, such as when loading checkpoints. This is a common practice when users want to reduce training time and costs by loading pre-trained models downloaded from other platforms. Loading a checkpoint containing malicious content can trigger a deserialization vulnerability, leading to code execution. As of time of publication, no known fixed versions are available.

References

https://github.com/Project-MONAI/MONAI/security/advisories/GHSA-6vm5-6jv9-rjpj

Affected packages

PyPI / monai

Package

Name: monai; View open source insights on deps.dev
Purl: pkg:pypi/monai

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.1rc1

Affected versions

0.*

0.0.1

0.1.0

0.2.0

0.3.0

0.4.0

0.5.0

0.5.1

0.5.2

0.5.3

0.6.0

0.7.0

0.8.0

0.8.1

0.9.0

0.9.1

1.*

1.0.0

1.0.1

1.1.0

1.2.0

1.3.0

1.3.1

1.3.2rc1

1.3.2

1.3.3rc1

1.4.0rc1

1.4.0rc2

1.4.0rc3

1.4.0rc4

1.4.0rc5

1.4.0rc6

1.4.0rc7

1.4.0rc8

1.4.0rc9

1.4.0rc10

1.4.0rc11

1.4.0rc12

1.4.0

1.4.1rc1

1.5.0rc1

1.5.0

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/monai/PYSEC-2025-141.yaml"