CVE-2025-1403 | HackTesting

Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library.

Credits

Matthew Treinish and Jake Lishman

References

https://www.ibm.com/support/pages/node/7183868