Qiskit

2 CVEs product

CVE-2025-2000 CRITICAL PATCH Act Now

A maliciously crafted QPY file can potentially execute arbitrary code embedded in the payload without privilege escalation when deserialising QPY formats < 13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python, Privilege Escalation, Deserialization, Qiskit
NVD
CVSS 3.1: 9.8
EPSS: 0.2%

CVE-2025-1403 HIGH PATCH This Week

Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization, Denial Of Service, Qiskit
NVD
CVSS 3.1: 8.6
EPSS: 0.4%
