Description

A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of specially constructed payload.

INFO

Published Date :

2025-03-14T13:04:46.351Z

Last Modified :

2026-02-26T19:09:30.796Z

Source :

ibm
AFFECTED PRODUCTS

The following products are affected by CVE-2025-2000 vulnerability.

Vendors Products
Ibm
  • Qiskit
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-2000.

URL Resource
https://www.ibm.com/support/pages/node/7185949 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact