CVE-2025-1403: IBM Qiskit DOS Vulnerability

CVE-2025-1403 Overview

CVE-2025-1403 is an Insecure Deserialization vulnerability affecting IBM Qiskit SDK versions 0.45.0 through 1.2.4. The vulnerability allows a remote attacker to cause a denial of service by crafting a malicious QPY file containing a malformed symengine serialization stream. When processed, this malicious file triggers a segmentation fault within the symengine library, crashing the application.

Critical Impact
Remote attackers can crash Qiskit SDK applications without authentication by supplying specially crafted QPY files, potentially disrupting quantum computing workflows and research operations.

Affected Products

IBM Qiskit SDK versions 0.45.0 through 1.2.4
Applications utilizing Qiskit's QPY file parsing functionality
Quantum computing workflows that accept external QPY files

Discovery Timeline

2025-02-21 - CVE-2025-1403 published to NVD
2025-09-30 - Last updated in NVD database

Technical Details for CVE-2025-1403

Vulnerability Analysis

This vulnerability stems from improper handling of serialized data within Qiskit's QPY file format. QPY (Qiskit Python Serialization) is a binary format used for serializing and deserializing quantum circuits in Qiskit. The vulnerability specifically occurs during the deserialization process when the symengine library attempts to parse a malformed serialization stream.

The attack exploits the trust placed in QPY file contents without adequate validation. When Qiskit loads a QPY file, it passes serialized symengine expressions to the symengine library for reconstruction. A carefully crafted malformed stream can cause the symengine library to access invalid memory locations, resulting in a segmentation fault that terminates the entire process.

This vulnerability is classified under CWE-502 (Deserialization of Untrusted Data), as the core issue lies in processing untrusted serialized content without sufficient validation of the data stream's integrity and format compliance.

Root Cause

The root cause is insufficient validation of symengine serialization streams within QPY files before they are passed to the symengine library for deserialization. The QPY parser does not adequately verify the structural integrity or bounds of the serialized data, allowing malformed streams to reach the underlying symengine deserialization routines and trigger memory access violations.

Attack Vector

The attack is network-accessible and requires no authentication or user interaction. An attacker can exploit this vulnerability by:

Crafting a malicious QPY file with a corrupted symengine serialization stream
Delivering this file to a target system running a vulnerable Qiskit version
Triggering the application to load or process the malicious QPY file
The segfault occurs during deserialization, causing immediate application crash

The vulnerability is particularly concerning in scenarios where Qiskit applications accept QPY files from untrusted sources, such as collaborative quantum computing platforms, file-sharing services, or API endpoints that process user-submitted quantum circuit files.

Detection Methods for CVE-2025-1403

Indicators of Compromise

Unexpected application crashes with segmentation fault signals in Qiskit-based services
Core dumps containing symengine library stack traces during QPY file processing
Unusual QPY file uploads or processing requests from external sources
Repeated service restarts or watchdog triggers in quantum computing workflows

Detection Strategies

Monitor application logs for SIGSEGV signals occurring during QPY file operations
Implement file integrity checking on QPY files before processing
Deploy application-level monitoring to detect abnormal crash patterns in Qiskit services
Review system logs for core dumps associated with symengine library functions

Monitoring Recommendations

Enable crash reporting and alerting for Qiskit-based applications
Implement rate limiting on endpoints that accept QPY file uploads
Monitor for patterns of malformed file submissions that could indicate probing attempts
Deploy SentinelOne Singularity to detect and alert on application crash patterns indicative of exploitation attempts

How to Mitigate CVE-2025-1403

Immediate Actions Required

Upgrade Qiskit SDK to version 1.2.5 or later immediately
Audit all applications and workflows that process QPY files from external sources
Implement input validation to reject suspiciously formatted QPY files before processing
Consider isolating QPY file processing in sandboxed environments to limit crash impact

Patch Information

IBM has released a security patch addressing this vulnerability. Organizations should upgrade to Qiskit SDK version 1.2.5 or later, which includes fixes for the malformed symengine serialization handling. Detailed patch information and upgrade instructions are available in the IBM Support Advisory.

Workarounds

Restrict QPY file uploads to trusted sources only until patching is complete
Implement file scanning and validation checks before passing QPY files to Qiskit
Run Qiskit applications in isolated containers with automatic restart capabilities to limit DoS impact
Consider temporarily disabling QPY file import functionality for untrusted inputs if business requirements permit

bash

# Upgrade Qiskit to patched version
pip install --upgrade qiskit>=1.2.5

# Verify installed version
python -c "import qiskit; print(qiskit.__version__)"

CVE-2025-1403 Overview

Critical Impact
Remote attackers can crash Qiskit SDK applications without authentication by supplying specially crafted QPY files, potentially disrupting quantum computing workflows and research operations.

Affected Products

IBM Qiskit SDK versions 0.45.0 through 1.2.4
Applications utilizing Qiskit's QPY file parsing functionality
Quantum computing workflows that accept external QPY files

Discovery Timeline

2025-02-21 - CVE-2025-1403 published to NVD
2025-09-30 - Last updated in NVD database

Technical Details for CVE-2025-1403

Vulnerability Analysis

Root Cause

Attack Vector

The attack is network-accessible and requires no authentication or user interaction. An attacker can exploit this vulnerability by:

Crafting a malicious QPY file with a corrupted symengine serialization stream
Delivering this file to a target system running a vulnerable Qiskit version
Triggering the application to load or process the malicious QPY file
The segfault occurs during deserialization, causing immediate application crash

Detection Methods for CVE-2025-1403

Indicators of Compromise

Unexpected application crashes with segmentation fault signals in Qiskit-based services
Core dumps containing symengine library stack traces during QPY file processing
Unusual QPY file uploads or processing requests from external sources
Repeated service restarts or watchdog triggers in quantum computing workflows

Detection Strategies

Monitor application logs for SIGSEGV signals occurring during QPY file operations
Implement file integrity checking on QPY files before processing
Deploy application-level monitoring to detect abnormal crash patterns in Qiskit services
Review system logs for core dumps associated with symengine library functions

Monitoring Recommendations

Enable crash reporting and alerting for Qiskit-based applications
Implement rate limiting on endpoints that accept QPY file uploads
Monitor for patterns of malformed file submissions that could indicate probing attempts
Deploy SentinelOne Singularity to detect and alert on application crash patterns indicative of exploitation attempts

How to Mitigate CVE-2025-1403

Immediate Actions Required

Upgrade Qiskit SDK to version 1.2.5 or later immediately
Audit all applications and workflows that process QPY files from external sources
Implement input validation to reject suspiciously formatted QPY files before processing
Consider isolating QPY file processing in sandboxed environments to limit crash impact

Patch Information

Workarounds

Restrict QPY file uploads to trusted sources only until patching is complete
Implement file scanning and validation checks before passing QPY files to Qiskit
Run Qiskit applications in isolated containers with automatic restart capabilities to limit DoS impact
Consider temporarily disabling QPY file import functionality for untrusted inputs if business requirements permit

bash

# Upgrade Qiskit to patched version
pip install --upgrade qiskit>=1.2.5

# Verify installed version
python -c "import qiskit; print(qiskit.__version__)"

CVE-2025-1403: IBM Qiskit DOS Vulnerability

CVE-2025-1403 Overview

Critical Impact

Affected Products

Discovery Timeline

Technical Details for CVE-2025-1403

Vulnerability Analysis

Root Cause

Attack Vector

Detection Methods for CVE-2025-1403

Indicators of Compromise

Detection Strategies

Monitoring Recommendations

How to Mitigate CVE-2025-1403

Immediate Actions Required

Patch Information

Workarounds

Experience the World’s Most Advanced Cybersecurity Platform

CVE-2025-1403: IBM Qiskit DOS Vulnerability

CVE-2025-1403 Overview

Critical Impact

Affected Products

Discovery Timeline

Technical Details for CVE-2025-1403

Vulnerability Analysis

Root Cause

Attack Vector

Detection Methods for CVE-2025-1403

Indicators of Compromise

Detection Strategies

Monitoring Recommendations

How to Mitigate CVE-2025-1403

Immediate Actions Required

Patch Information

Workarounds

Experience the World’s Most Advanced Cybersecurity Platform