CVE-2025-1403

Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library.

CVSS v3 8.6 HIGH

8.6^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.ibm.com/support/pages/node/7183868	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:qiskit:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-02-21 17:15

Updated : 2025-09-30 15:25

NVD link : CVE-2025-1403

Mitre link : CVE-2025-1403

CVE.ORG link : CVE-2025-1403

JSON object : View

Products Affected

ibm

qiskit

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2025-1403", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.9}]}, "published": "2025-02-21T17:15:13.437", "references": [{"url": "https://www.ibm.com/support/pages/node/7183868", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library."}, {"lang": "es", "value": "Qiskit SDK 0.45.0 a 1.2.4 podr\u00eda permitir que un atacante remoto provoque una denegaci\u00f3n de servicio utilizando un archivo QPY manipulado con fines malintencionados que contenga un flujo de serializaci\u00f3n de Symengine malformado que puede causar un error de segmentaci\u00f3n dentro de la librer\u00eda de Symengine."}], "lastModified": "2025-09-30T15:25:51.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:qiskit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CAEC3E9-9112-46A3-9957-DB282DF3AED1", "versionEndIncluding": "1.2.4", "versionStartIncluding": "0.45.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}