What is the CVSS score of CVE-2025-58755?

CVE-2025-58755 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Medical Open Network For Ai are affected by CVE-2025-58755?

Organizations using many places in the project. In face significant risk from CVE-2025-58755, a path traversal vulnerability rated CVSS 8.8.. A patch is available.

Is there a public PoC exploit available for CVE-2025-58755?

Yes, a public proof-of-concept exploit is available for CVE-2025-58755. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-58755?

Within 7 days: Identify all affected systems running many places in the project. In and apply vendor patches promptly. Review file handling controls and restrict upload directories.

Medical Open Network For Ai CVE-2025-58755

HIGH

Path Traversal (CWE-22)

2025-09-09 security-advisories@github.com

GHSA-x6ww-pf9m-m73m

Path Traversal Medical Open Network For Ai

8.8

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 28, 2026 - 19:11 vuln.today

PoC Detected

Sep 19, 2025 - 15:25 vuln.today

Public exploit code

CVE Published

Sep 09, 2025 - 00:15 nvd

HIGH 8.8

DescriptionGitHub Advisory

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The extractall function zip_file.extractall(output_dir) is used directly to process compressed files. It is used in many places in the project. In versions up to and including 1.5.0, when the Zip file containing malicious content is decompressed, it overwrites the system files. In addition, the project allows the download of the zip content through the link, which increases the scope of exploitation of this vulnerability. As of time of publication, no known fixed versions are available.

AnalysisAI

MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The extractall function zip_file.extractall(output_dir) is used directly to process compressed files. It is used in many places in the project. In versions up to and including 1.5.0, when the Zip file containing malicious content is decompressed, it overwrites the system files. In addition, the project allows the download of the zip content through the link, which increases the scope of exploitation of this vulnerability. As of time of publication, no known fixed versions are available. Affected products include: Monai Medical Open Network For Ai.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

CVE-2025-58755 vulnerability details – vuln.today

Back

Medical Open Network For Ai CVE-2025-58755

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code