CVE-2025-1403

HIGH Year: 2025
CVSS v3 Score
8.6
High
Weakness Type
CWE-502
View all →

Vulnerability Description

Qiskit SDK 0.45.0 through 1.2.4 could allow a remote attacker to cause a denial of service using a maliciously crafted QPY file containing a malformed symengine serialization stream which can cause a segfault within the symengine library.

Related Vulnerabilities

CVE-2021-21349

HIGH
CVSS:8.6(High)

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resourc...

CWE-5022021

CVE-2021-21371

HIGH
CVSS:8.6(High)

Tenable for Jira Cloud is an open source project designed to pull Tenable.io vulnerability data, then generate Jira Tasks and sub-tasks based on the vulnerabilities' current state. It published in pyp...

CWE-5022021

CVE-2021-27475

HIGH
CVSS:8.6(High)

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object t...

CWE-5022021

CVE-2021-39150

HIGH
CVSS:8.5(High)

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicl...

CWE-5022021

CVE-2021-39152

HIGH
CVSS:8.5(High)

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicl...

CWE-5022021

CVE-2024-24842

HIGH
CVSS:8.7(High)

Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance.This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: ...

CWE-5022024