CVE-2025-2000
Published: 14 March 2025
Summary
CVE-2025-2000 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Ibm Qiskit. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 37.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Timely flaw remediation through patching Qiskit versions 0.18.0-1.4.1 directly eliminates the deserialization vulnerability enabling arbitrary code execution from malicious QPY files.
Information input validation ensures QPY files are checked for valid structure and content before deserialization, blocking malicious payloads with embedded Python code.
Malicious code protection scans and prevents execution of arbitrary Python code embedded in QPY files during processing by the qiskit.qpy.load() function.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The deserialization flaw in qiskit.qpy.load() allows remote attackers to supply a malicious QPY file that executes arbitrary Python code during processing (no auth or interaction required), directly enabling T1190 for exploiting a public-facing or network-accessible application and T1059.006 for Python interpreter execution.
NVD Description
A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 through 1.4.1's `qiskit.qpy.load()` function could potentially execute any arbitrary Python code embedded…
more
in the correct place in the binary file as part of specially constructed payload.
Deeper analysisAI
CVE-2025-2000 is a critical deserialization vulnerability (CWE-502) affecting the Qiskit quantum computing framework, specifically versions 0.18.0 through 1.4.1. The flaw resides in the `qiskit.qpy.load()` function, which processes QPY binary files in formats less than version 13. A maliciously crafted QPY file can embed arbitrary Python code that executes during deserialization without requiring privilege escalation. The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-03-14.
The attack scenario involves remote attackers with no privileges or user interaction, who can supply a specially constructed QPY payload to any Python process invoking the vulnerable `qiskit.qpy.load()` function. Successful exploitation allows execution of arbitrary Python code embedded in the file, enabling full compromise of the affected process with high impact on confidentiality, integrity, and availability.
Mitigation details are available in the IBM support advisory at https://www.ibm.com/support/pages/node/7185949.
Details
- CWE(s)