CVE-2025-1403
HIGHQiskit 0.45.0-1.2.4 - Denial of Service via Malformed Symengine Serialization Stream
Title source: llmDescription
Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
patch
https://www.ibm.com/support/pages/node/7183868
Scores
CVSS v3
8.6
EPSS
0.0010
EPSS Percentile
27.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-502
Status
published
Products (3)
ibm/qiskit
0.45.0 - 1.2.4
pypi/qiskit
0.45.0 - 1.3.0PyPI
pypi/qiskit-terra
0.45.0PyPI
Published
Feb 21, 2025
Tracked Since
Feb 18, 2026