Security Bulletin: Qiskit SDK Vulnerability Allows Remote Attackers to Cause Denial of Service via Maliciously Crafted QPY File

Summary A maliciously crafted QPY file containing a malformed symengine serialization stream as part of the larger QPY serialization of a ParameterExpression object can cause a segfault within the symengine library, allowing an attacker to terminate the hosting process. Vulnerability Details...

Arbitrary Code Execution (ACE)

Qiskit is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to unsafe deserialization in the qiskit.qpy.load function, which allows a maliciously crafted QPY file to execute embedded Python code without privilege escalation...

CVE-2025-2000

A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats 13. A python process calling Qiskit 0.18.0 through 1.4.1's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded...

Deserialization of Untrusted Data

Overview qiskit-terra is a Software for developing quantum computing programs Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the qiskit.qpy.load function. An attacker can execute arbitrary code by crafting a malicious QPY file and loading it via this...

Qiskit allows arbitrary code execution decoding QPY format versions < 13

Impact A maliciously crafted QPY file can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserializing QPY formats 13. A python process calling Qiskit's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded in the corre...

CVE-2025-2000

A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats 13. A python process calling Qiskit 0.18.0 through 1.4.1's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded ...

CVE-2025-2000

A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats 13. A python process calling Qiskit 0.18.0 through 1.4.1's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded ...

CVE-2025-2000 Qiskit SDK code execution

A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats 13. A python process calling Qiskit 0.18.0 through 1.4.1's qiskit.qpy.load function could potentially execute any arbitrary Python code embedded ...

Denial Of Service (DoS)

qiskit is vulnerable to Denial Of Service DoS. The vulnerability is due to improper handling of malformed symengine serialization streams within QPY files, allowing an attacker to trigger a segmentation fault in the symengine library using a malicious QPY file...

CVE-2025-1403

CVE-2025-1403 affects Qiskit SDK from 0.45.0 to 1.2.4, where a malicious QPY file with a malformed symengine serialization stream can trigger a segfault in the symengine library, enabling remote denial of service. The Red Hat, OSV, and IBM advisories confirm the vulnerability and provide remediat...

CVE-2025-1403 Qiskit SDK denial of service

Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library...