4 matches found
EUVD-2025-6417
Malicious code in bioql PyPI...
Duplicate Advisory: Qiskit allows arbitrary code execution decoding QPY format versions < 13
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-6m2c-76ff-6vrf. This link is maintained to preserve external references. Original Description: A maliciously crafted QPY file can potentially execute arbitrary code embedded in the payload without privilege...
Maliciously crafted QPY files can allow Remote Attackers to Cause Denial of Service in Qiskit
Impact: A maliciously crafted QPY file containing a malformed symengine serialization stream as part of the larger QPY serialization of a ParameterExpression object can cause a segfault within the symengine library, allowing an attacker to terminate the hosting process deserializing the QPY payloa...
PT-2025-7502 · Symengine +1 · Symengine +1
Name of the Vulnerable Software and Affected Versions: Qiskit SDK versions 0.45.0 through 1.2.4
Description: A maliciously crafted QPY file containing a malformed symengine serialization stream can cause a segfault within the symengine library, allowing an attacker to terminate the hosting proces...