Vulnerability Details CVE-2025-1403
Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.3%
CVSS Severity
CVSS v3 Score 8.6
Products affected by CVE-2025-1403
-
cpe:2.3:a:ibm:qiskit:0.45.0
-
cpe:2.3:a:ibm:qiskit:0.45.1
-
cpe:2.3:a:ibm:qiskit:0.45.2
-
cpe:2.3:a:ibm:qiskit:0.45.3
-
cpe:2.3:a:ibm:qiskit:0.46.0
-
cpe:2.3:a:ibm:qiskit:0.46.1
-
cpe:2.3:a:ibm:qiskit:0.46.2
-
cpe:2.3:a:ibm:qiskit:0.46.3
-
cpe:2.3:a:ibm:qiskit:1.0.0
-
cpe:2.3:a:ibm:qiskit:1.0.1
-
cpe:2.3:a:ibm:qiskit:1.0.2
-
cpe:2.3:a:ibm:qiskit:1.1.0
-
cpe:2.3:a:ibm:qiskit:1.1.1
-
cpe:2.3:a:ibm:qiskit:1.1.2
-
cpe:2.3:a:ibm:qiskit:1.2.0
-
cpe:2.3:a:ibm:qiskit:1.2.1
-
cpe:2.3:a:ibm:qiskit:1.2.2
-
cpe:2.3:a:ibm:qiskit:1.2.3
-
cpe:2.3:a:ibm:qiskit:1.2.4