2 matches found
CVE-2025-2000
CVE-2025-2000 describes arbitrary code execution via deserialization of QPY files in Qiskit QPY.load() for formats
Malciously crafted QPY files can allows Remote Attackers to Cause Denial of Service in Qiskit
Impact A maliciously crafted QPY file containing a malformed symengine serialization stream as part of the larger QPY serialization of a ParameterExpression object can cause a segfault within the symengine library, allowing an attacker to terminate the hosting process deserializing the QPY payloa...