CVE-2025-2000: Qiskit allows arbitrary code execution decoding QPY format versions < 13

March 14, 2025 (updated May 2, 2025)

A maliciously crafted QPY file can potentially execute arbitrary-code embedded in the payload without privilege escalation when deserializing QPY formats < 13. A python process calling Qiskit’s qiskit.qpy.load() function could potentially execute any arbitrary Python code embedded in the correct place in the binary file as part of a specially constructed payload.

References

github.com/Qiskit/qiskit
github.com/Qiskit/qiskit/security/advisories/GHSA-6m2c-76ff-6vrf
github.com/advisories/GHSA-6m2c-76ff-6vrf
nvd.nist.gov/vuln/detail/CVE-2025-2000
www.ibm.com/support/pages/node/7185949

Code Behaviors & Features

Detect and mitigate CVE-2025-2000 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →