CVE-2025-2000 in Qiskit SDKالمعلومات

الملخص

بحسب MITRE • 14/03/2025

A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of specially constructed payload.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Ibm

حجز

05/03/2025

إفشاء

14/03/2025

الاعتدال

تمت الموافقة

إدخال

VDB-299725

CPE

جاهز

CWE

CWE-502 (مؤكد)

CVSS

9.8 (CNA)

EPSS

0.00168

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-2000
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-2000
CVE Details	https://www.cvedetails.com/cve/CVE-2025-2000/

التالي ▸نظرة عامة ◂ السابق

Want to know what is going to be exploited?

We predict KEV entries!