CVE-2025-58755: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Project-MONAI MONAI
MONAI (Medical Open Network for AI) is an AI toolkit for health care imaging. The extractall function `zip_file.extractall(output_dir)` is used directly to process compressed files. It is used in many places in the project. In versions up to and including 1.5.0, when a zip file containing malicious content is decompressed, it overwrites system files. In addition, the project allows the download of the zip content through a link, which increases the scope of exploitation of this vulnerability. As of the time of publication, no known fixed versions are available.
AI Analysis
Technical Summary
CVE-2025-58755 is a high-severity path traversal vulnerability (CWE-22) affecting Project-MONAI, an AI toolkit widely used for healthcare imaging. The vulnerability exists in versions up to and including 1.5.0, where the `extractall` function of the Python `zipfile` module is used without validation of member file paths during decompression. Specifically, `zip_file.extractall(output_dir)` is called directly on potentially malicious zip files. This allows an attacker to craft a zip archive whose member names contain path traversal sequences (e.g., `../`) that escape the intended extraction directory and overwrite arbitrary files on the host. The impact is critical: overwriting system binaries or configuration files can lead to full compromise of the host, affecting confidentiality, integrity, and availability. Furthermore, MONAI allows the zip content to be downloaded through a link, which widens the attack surface by enabling remote exploitation without user interaction. As of the publication date, no patches or fixed versions are available, and no exploits have been observed in the wild. The CVSS v3.1 score is 8.8, reflecting the network attack vector, low attack complexity, a requirement for low privileges but no user interaction, and high impact on confidentiality, integrity, and availability. This vulnerability is particularly dangerous in healthcare environments where MONAI is deployed for medical imaging AI workflows, as it could lead to manipulation or destruction of sensitive patient data and disruption of critical healthcare services.
Potential Impact
For European organizations, especially healthcare providers and research institutions using MONAI for medical imaging AI, this vulnerability poses a significant risk. Exploitation could lead to unauthorized modification or deletion of critical system files, potentially causing system outages or data corruption. Given the sensitive nature of healthcare data, breaches could result in severe privacy violations under GDPR, leading to regulatory penalties and loss of patient trust. The ability to remotely trigger the vulnerability via downloadable zip files increases the likelihood of exploitation in networked environments. Disruption of AI-based diagnostic tools could delay patient care and impact clinical outcomes. Additionally, healthcare organizations are often targeted by sophisticated threat actors, increasing the risk that this vulnerability could be weaponized in targeted attacks. The lack of a patch means organizations must rely on mitigation strategies to prevent exploitation, which may complicate operational workflows and increase security overhead.
Mitigation Recommendations
Given the absence of an official patch, European organizations should implement the following specific mitigations:
1) Immediately audit and restrict access to MONAI instances, limiting exposure to untrusted users and networks.
2) Disable or restrict the functionality that allows downloading and automatic extraction of zip files from untrusted sources.
3) Implement strict input validation and sandboxing around any file extraction processes, ensuring that zip files are decompressed only in isolated environments with no write access to critical system directories.
4) Employ file integrity monitoring to detect unauthorized changes to system files that could indicate exploitation attempts.
5) Use network-level controls such as web application firewalls (WAFs) or intrusion prevention systems (IPS) to block or alert on suspicious zip file uploads or downloads.
6) Monitor logs for unusual file extraction activities or errors related to zip processing.
7) Engage with the MONAI community or vendor to track the release of patches and plan for timely updates once available.
8) Consider alternative AI imaging toolkits without this vulnerability until a fix is released, if operationally feasible.
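The technical summary above describes the unsafe pattern (`zip_file.extractall(output_dir)` with no check on member names), and mitigation 3 asks for strict input validation around extraction. The following is an added example, not MONAI's code or the project's fix, showing what that validation looks like: every member's destination is resolved with `os.path.realpath` and must stay inside the output directory, and the whole archive is refused before anything is written if any member fails. The helper names (`safe_target`, `safe_extractall`, `extract_to_temp`) and the two sample archives built in memory are constructed for this illustration.

```python
import io
import os
import tempfile
import zipfile
from typing import List, Optional


class UnsafeArchiveError(Exception):
    """Raised when a zip member would be written outside the extraction directory."""


def safe_target(output_dir: str, member_name: str) -> str:
    """Resolve where a member would land and refuse anything outside output_dir.

    Hypothetical helper: realpath also follows symlinks that already exist
    under output_dir, so a member cannot escape through a pre-existing link.
    """
    root = os.path.realpath(output_dir)
    # Absolute names and Windows drive or UNC prefixes are never legitimate.
    if os.path.isabs(member_name) or os.path.splitdrive(member_name)[0]:
        raise UnsafeArchiveError(f"absolute path in archive: {member_name!r}")
    target = os.path.realpath(os.path.join(root, member_name))
    if os.path.commonpath([root, target]) != root:
        raise UnsafeArchiveError(f"path traversal in archive: {member_name!r}")
    return target


def safe_extractall(zip_file: zipfile.ZipFile, output_dir: str) -> List[str]:
    """Drop-in replacement for zip_file.extractall(output_dir) with validation.

    Every member is checked before the first byte is written, so a hostile
    archive is rejected as a whole rather than partially extracted.
    """
    planned = [(info, safe_target(output_dir, info.filename))
               for info in zip_file.infolist()]
    written: List[str] = []
    for info, target in planned:
        if info.is_dir():
            os.makedirs(target, exist_ok=True)
            continue
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with zip_file.open(info) as src, open(target, "wb") as dst:
            dst.write(src.read())
        written.append(target)
    return written


def build_demo_archives() -> tuple:
    """Constructed sample archives (not from MONAI): a benign one and one
    carrying a '../' member of the kind the advisory describes."""
    benign = io.BytesIO()
    with zipfile.ZipFile(benign, "w") as zf:
        zf.writestr("model/weights.txt", "constructed sample weights")
    hostile = io.BytesIO()
    with zipfile.ZipFile(hostile, "w") as zf:
        zf.writestr("model/weights.txt", "constructed sample weights")
        zf.writestr("../outside.txt", "would land outside output_dir")
    return benign.getvalue(), hostile.getvalue()


def extract_to_temp(archive: bytes) -> Optional[List[str]]:
    """Extract into a fresh temp dir; return the relative paths written, or
    None when the archive was refused. Also confirms nothing escaped."""
    with tempfile.TemporaryDirectory() as tmp:
        out = os.path.join(tmp, "out")
        os.makedirs(out)
        with zipfile.ZipFile(io.BytesIO(archive)) as zf:
            try:
                paths = safe_extractall(zf, out)
            except UnsafeArchiveError:
                return None
        assert os.listdir(tmp) == ["out"], "extraction escaped output_dir"
        real_out = os.path.realpath(out)
        return sorted(os.path.relpath(p, real_out) for p in paths)


if __name__ == "__main__":
    benign, hostile = build_demo_archives()
    print("benign :", extract_to_temp(benign))    # ['model/weights.txt']
    print("hostile:", extract_to_temp(hostile))   # None
```

The two-pass design matters for incident response as well as prevention: because the archive is validated in full before any write, a rejected download leaves no partial state to clean up, and the raised `UnsafeArchiveError` (with the offending member name) is the event worth logging and alerting on under mitigation 6.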
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-09-04T19:18:09.499Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68bf6ad1d5a2966cfc843648
Added to database: 9/8/2025, 11:46:25 PM
Last enriched: 9/9/2025, 12:01:22 AM
Last updated: 9/9/2025, 9:12:27 PM