Количество 2
Количество 2
CVE-2025-2000
A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of specially constructed payload.
GHSA-6m2c-76ff-6vrf
Qiskit allows arbitrary code execution decoding QPY format versions < 13
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-2000 A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of specially constructed payload. | CVSS3: 9.8 | 0% Низкий | 11 месяцев назад |
| GHSA-6m2c-76ff-6vrf Qiskit allows arbitrary code execution decoding QPY format versions < 13 | CVSS3: 9.8 | 0% Низкий | 11 месяцев назад |
Уязвимостей на страницу