CVE-2025-58755 is a high-severity path traversal vulnerability (CWE-22) affecting the MONAI (Medical Open Network for AI) toolkit, versions up to and including 1.5.0. MONAI is an AI framework widely used in healthcare imaging for developing and deploying machine learning models. The vulnerability arises from the unsafe use of the extractall function in Python's zipfile module, specifically zip_file.extractall(output_dir), which is called directly on untrusted zip archives. This function does not validate or sanitize file paths within the archive, allowing an attacker to craft a malicious zip file containing file paths with directory traversal sequences (e.g., ../) that escape the intended extraction directory. When such a malicious archive is decompressed, it can overwrite arbitrary files on the host system, including critical system files, leading to full compromise of confidentiality, integrity, and availability. The risk is exacerbated by MONAI's feature that allows downloading zip content via a link, increasing the attack surface by enabling remote attackers to deliver malicious archives. No fixed versions are currently available, and no known exploits have been reported in the wild yet. The CVSS v3.1 score is 8.8 (high), reflecting network attack vector, low attack complexity, requiring privileges but no user interaction, and resulting in high impact on confidentiality, integrity, and availability. This vulnerability poses a significant risk to healthcare organizations relying on MONAI for AI-driven medical imaging workflows, as exploitation could lead to system compromise, data tampering, or denial of service, potentially disrupting critical healthcare services and patient data integrity.

For European organizations, particularly healthcare providers and research institutions using MONAI, this vulnerability could have severe consequences. Exploitation can lead to unauthorized modification or deletion of system and application files, potentially causing system outages or corruption of sensitive medical imaging data. This threatens patient safety, data privacy under GDPR, and compliance with healthcare regulations such as the EU Medical Device Regulation (MDR). The ability to overwrite system files remotely increases the risk of ransomware or other malware deployment, which could paralyze healthcare operations. Additionally, since MONAI is an open-source AI toolkit gaining adoption in Europe’s digital health initiatives, the vulnerability could impact a broad range of entities from hospitals to AI research centers. The lack of a patch means organizations must rely on mitigations to prevent exploitation, increasing operational complexity and risk. The potential for data integrity loss and service disruption could undermine trust in AI-based healthcare solutions and delay digital transformation efforts in the European health sector.

1. Immediate mitigation should involve disabling or restricting the functionality that processes and extracts zip files from untrusted sources until a patch is available. 2. Implement strict input validation and sanitization on all uploaded or downloaded zip archives to detect and reject files with suspicious path traversal sequences before extraction. 3. Use safer extraction libraries or custom extraction code that explicitly checks and enforces that extracted file paths remain within the intended directory boundary. 4. Employ application-level sandboxing or containerization to isolate the extraction process, limiting the potential damage if exploitation occurs. 5. Monitor file system changes and maintain integrity checks on critical system and application files to detect unauthorized modifications promptly. 6. Restrict privileges of the MONAI process to the minimum necessary, preventing it from overwriting sensitive system files. 7. Network-level controls should limit access to the zip download functionality to trusted users and networks. 8. Stay informed on updates from the MONAI project and apply patches immediately once released. 9. Conduct security awareness training for developers and operators about the risks of path traversal vulnerabilities and secure file handling practices.