IBM Product Security Update Advisory (CVE-2025-2000)

Overview

We have released a security update to fix vulnerabilities in IBM products. Users of affected products are advised to update to the latest version.

Affected Products

CVE-2025-2000

Qiskit SDK versions: 0.18.0 through 1.4.1 (inclusive)

Resolved Vulnerabilities

Arbitrary code execution vulnerability when using specially crafted QPY files (CVE-2025-2000)

Vulnerability Patches

Patches for this vulnerability are available in the latest update. Follow the instructions on the referenced sites to update to the latest patched version.

CVE-2025-2000

Qiskit SDK version: 1.4.2
Qiskit SDK version: 2.0.0

References

[1] Security Bulletin: Arbitrary QPY Execution in Qiskit SDK QPY Deserialization < 13
https://www.ibm.com/support/pages/node/7185949