6 matches found
Arbitrary Code Execution (ACE)
Qiskit is vulnerable to Arbitrary Code Execution (ACE). The vulnerability is due to unsafe deserialization in the qiskit.qpy.load function, which allows a maliciously crafted QPY file to execute embedded Python code without privilege escalation...
acquantum-qiskit (>=0.0.1 <=0.0.3), aer-plugin (>=0.0.1 <=0.0.2) +161 more potentially affected by CVE-2025-2000 via qiskit (>=0.18.3 <=1.4.0)
qiskit (PyPI) versions: =0.18.3, =0.0.1, =0.0.1, =0.1.0, =0.1.4, =0.1.4, =0.0.1, =0.6.0, =0.0.0, =2.0.0, =0.0.3, =0.0.2, =0.1.0, =0.1.0.3 and more. Source CVEs: CVE-2025-2000. Source advisory: SNYK:PYTHON-QISKIT-9459043...
CVE-2025-2000
CVE-2025-2000 describes arbitrary code execution via deserialization of QPY files in Qiskit QPY.load() for formats
Denial Of Service (DoS)
qiskit is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of malformed symengine serialization streams within QPY files, allowing an attacker to trigger a segmentation fault in the symengine library using a malicious QPY file...
acquantum-qiskit (>=0.0.1 <=0.0.3), aqmlator (=0.2.0) +84 more potentially affected by CVE-2025-1403 via qiskit (>=0.45.0 <=1.2.4)
qiskit (PyPI) versions: =0.45.0, =0.0.1, =0.0.1, =0.0.0, =2.0.0, =0.0.3, =0.1.1, =1.3.0, =0.2.0, =0.1.1, =0.1.0rc1, =0.1.0, =0.1.3 and more. Source CVEs: CVE-2025-1403. Source advisory: SNYK:PYTHON-QISKIT-8743941...
Deserialization of Untrusted Data
Overview: qiskit is an open-source SDK for working with quantum computers at the level of extended quantum circuits, operators, and primitives. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization of QPY files containing malformed symengi...