CVE-2025-1403: Maliciously crafted QPY files can allow Remote Attackers to Cause Denial of Service in Qiskit
A maliciously crafted QPY file containing a malformed symengine serialization stream as part of the larger QPY serialization of a ParameterExpression object can cause a segfault within the symengine library, allowing an attacker to terminate the hosting process deserializing the QPY payload.
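A service that accepts QPY from untrusted sources can keep the segfault described above from taking down its own process by parsing the file in a throwaway child interpreter first. The following is an added example, not code from the advisory or from Qiskit; `probe_in_child` and `QPY_PROBE` are hypothetical names, and it assumes a POSIX host, where a child killed by a signal reports a negative return code.

```python
import subprocess
import sys

# Child program: parse the QPY file named in argv[1] and exit 0 on success.
# qiskit.qpy.load() is Qiskit's QPY reader; the rest of this file is constructed.
QPY_PROBE = (
    "import sys\n"
    "from qiskit import qpy\n"
    "with open(sys.argv[1], 'rb') as fd:\n"
    "    qpy.load(fd)\n"
)


def probe_in_child(path, child_code=QPY_PROBE, timeout=30):
    """Parse `path` in a separate interpreter and classify the outcome.

    Returns (verdict, detail) where verdict is one of:
      "ok"        child parsed the file and exited 0
      "crashed"   child was killed by a signal (e.g. SIGSEGV in native code)
      "rejected"  child raised a Python exception or exited non-zero
      "timeout"   child exceeded `timeout` seconds and was killed
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-c", child_code, path],
            stdin=subprocess.DEVNULL,
            stdout=subprocess.DEVNULL,
            stderr=subprocess.PIPE,
            timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return "timeout", f"no result after {timeout}s"
    if proc.returncode == 0:
        return "ok", ""
    if proc.returncode < 0:
        # POSIX: a negative return code is the number of the fatal signal.
        return "crashed", f"signal {-proc.returncode}"
    # Keep only the last stderr line (the exception summary) for logging.
    last = proc.stderr.decode(errors="replace").strip().splitlines()[-1:]
    return "rejected", last[0] if last else f"exit {proc.returncode}"


if __name__ == "__main__":
    # Usage: python probe_qpy.py untrusted.qpy
    verdict, detail = probe_in_child(sys.argv[1])
    print(verdict, detail)
    sys.exit(0 if verdict == "ok" else 1)
```

A "crashed" verdict is worth logging and alerting on, since a well-formed QPY file should never kill the parser with a signal.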