CVE-2025-2000

A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats 13. A python process calling Qiskit 0.18.0 through 1.4.1's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded...

acquantum-qiskit (>=0.0.1 <=0.0.3), aer-plugin (>=0.0.1 <=0.0.2) +122 more potentially affected by CVE-2025-2000 via qiskit (>=0.40.0 <=1.4.1)

qiskit PYPI version =0.40.0, =0.0.1, =0.0.1, =0.1.0, =0.0.1, =0.6.0, =0.0.0, =2.0.0, =0.0.3, =2023.5.21, =0.0.1, =0.1.1, =0.1.3 and more Source cves: CVE-2025-2000 Source advisory: OSV:GHSA-6M2C-76FF-6VRF...

GHSA-3PWP-2FQJ-6G2P Duplicate Advisory: Qiskit allows arbitrary code execution decoding QPY format versions < 13

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6m2c-76ff-6vrf. This link is maintained to preserve external references. Original Description A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege...

CVE-2025-2000

A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats 13. A python process calling Qiskit 0.18.0 through 1.4.1's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded ...

acquantum-qiskit (>=0.0.1 <=0.0.3), aqmlator (=0.2.0) +84 more potentially affected by CVE-2025-1403 via qiskit (>=0.45.0 <=1.2.4)

qiskit PYPI version =0.45.0, =0.0.1, =0.0.1, =0.0.0, =2.0.0, =0.0.3, =0.1.1, =1.3.0, =0.2.0, =0.1.1, =0.1.0rc1, =0.1.0, =0.1.3 and more Source cves: CVE-2025-1403 Source advisory: OSV:GHSA-FPMR-M242-XM7X...