IBM Qiskit Quantum SDK Denial of Service Vulnerability

CVE-2025-1403 is a high-severity vulnerability in the Qiskit SDK, an open-source quantum computing framework, that allows remote attackers to cause a denial of service (DoS) by exploiting maliciously crafted QPY files. This vulnerability primarily affects Qiskit versions prior to 1.3.0 when using QPY format versions 10, 11, and 12, especially if symengine version 0.13.0 or lower is installed. (02/21/2025) 

Qiskit is designed to facilitate the creation and execution of quantum algorithms, providing tools for quantum circuit creation, simulation, and execution on quantum hardware. It supports various serialization formats, including QPY, which is used to store quantum programs. However, a vulnerability exists in how Qiskit handles certain QPY files, specifically those containing malformed symengine serialization streams. 

The vulnerability arises from the way Qiskit deserializes QPY files that contain malformed symengine serialization streams. When such a file is deserialized, it can cause a segmentation fault within the symengine library, leading to a denial of service by terminating the hosting process. This issue is particularly problematic because it allows remote attackers to craft malicious QPY files that can disrupt the operation of systems using vulnerable versions of Qiskit.

  • Qiskit SDK: Versions 0.45.0 through 1.2.4 are affected.

  • QPY format: Versions 10, 11, and 12 are vulnerable if they use symengine symbolic encoding.

  • symengine: Versions 0.13.0 or lower are affected.

The impact of this vulnerability is significant, as it can lead to a denial of service. This means that an attacker can cause the system to become unavailable by exploiting the vulnerability, which can have serious consequences in environments where reliability and uptime are critical.

The CVSS score for CVE-2025-1403 is 7.3, classified as HIGH. This indicates that the vulnerability poses a substantial risk and should be addressed promptly.

Consider a scenario where a researcher is working on a quantum computing project using Qiskit. They receive a QPY file from a colleague or download it from an untrusted source. If this file is maliciously crafted to exploit CVE-2025-1403, deserializing it could cause the researcher's system to crash, leading to a loss of work and potentially disrupting critical research timelines.

To mitigate this vulnerability, users are advised to:

  1. Upgrade to Qiskit version 1.3.0 or later, which uses QPY format version 13 and is not vulnerable to this issue. This can be done using the command pip install --upgrade qiskit.

  2. Consider patching the locally installed version of symengine by applying a specific commit that prevents the segfault. However, note that symengine version 0.14.0, which fixes the segfault issue, is backward incompatible and will not work with any Qiskit release.

  3. Implement a check to avoid deserializing potentially vulnerable QPY files. A Python function is provided to determine if a QPY payload is potentially vulnerable based on its version and symbolic encoding.

```python
import struct
from collections import namedtuple


def check_qpy_payload(path: str) -> bool:
    """Function to check if a QPY payload is potentially vulnerable to a symengine vulnerability."""
    with open(path, "rb") as file_obj:
        # The first 7 bytes hold the 6-byte preface and the QPY format version.
        version = struct.unpack("!6sB", file_obj.read(7))
        # Only QPY format versions 10, 11 and 12 are affected.
        if version[1] < 10 or version[1] >= 13:
            return False
        # Re-read the full header to reach the symbolic encoding field.
        file_obj.seek(0)
        header_tuple = namedtuple(
            "FILE_HEADER",
            [
                "preface",
                "qpy_version",
                "major_version",
                "minor_version",
                "patch_version",
                "num_programs",
                "symbolic_encoding",
            ],
        )
        header_pack_str = "!6sBBBBQc"
        header_read_size = struct.calcsize(header_pack_str)
        data = struct.unpack(header_pack_str, file_obj.read(header_read_size))
        header = header_tuple(*data)
        # b"e" marks symengine symbolic encoding, the vulnerable case.
        return header.symbolic_encoding == b"e"
```

This function checks the QPY file version and symbolic encoding to determine if it may be vulnerable. However, it does not guarantee that the payload is malicious; it only identifies conditions that could lead to a vulnerability.
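A stricter variant of the same header check for payloads that arrive as bytes (for example an upload), added here as an example and not code from the advisory or the Qiskit project: it fails closed on truncated or non-QPY input instead of raising `struct.error`. The names `triage_qpy`, `safe_to_load`, `Verdict` and `sample_header` are hypothetical, the sample headers are constructed, and the `QISKIT` preface value comes from the QPY format rather than from this page.

```python
import struct
from enum import Enum

QPY_MAGIC = b"QISKIT"       # assumption: preface bytes that open a QPY file
HEADER_FMT = "!6sBBBBQc"    # same header layout the check above reads
HEADER_SIZE = struct.calcsize(HEADER_FMT)


class Verdict(Enum):
    OK = "outside the affected range"
    REJECT = "QPY 10-12 with symengine encoding"
    MALFORMED = "truncated or not a QPY payload"


def triage_qpy(payload: bytes) -> Verdict:
    """Classify a QPY payload from its header only; nothing is deserialized."""
    if len(payload) < 7:
        return Verdict.MALFORMED
    preface, qpy_version = struct.unpack("!6sB", payload[:7])
    if preface != QPY_MAGIC:
        return Verdict.MALFORMED
    if qpy_version < 10 or qpy_version >= 13:
        return Verdict.OK
    if len(payload) < HEADER_SIZE:
        return Verdict.MALFORMED
    encoding = struct.unpack(HEADER_FMT, payload[:HEADER_SIZE])[6]
    return Verdict.REJECT if encoding == b"e" else Verdict.OK


def safe_to_load(payload: bytes) -> bool:
    """Fail closed: only a well-formed, unaffected header may reach the loader."""
    return triage_qpy(payload) is Verdict.OK


def sample_header(qpy_version: int, encoding: bytes) -> bytes:
    """Constructed test input: a bare header, not a complete QPY file."""
    return struct.pack(HEADER_FMT, QPY_MAGIC, qpy_version, 1, 2, 4, 1, encoding)


if __name__ == "__main__":
    for name, blob in [
        ("v12 symengine", sample_header(12, b"e")),
        ("v12 other", sample_header(12, b"p")),  # constructed: any non-"e" byte
        ("v13 symengine", sample_header(13, b"e")),
        ("cut short", sample_header(11, b"e")[:10]),
        ("wrong magic", b"NOTQPY" + bytes(13)),
    ]:
        print(f"{name:14} -> {triage_qpy(blob).name}")
```

As with the function above, a `REJECT` verdict means the conditions for the crash exist, not that the payload is malicious.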

Conclusion

CVE-2025-1403 poses a significant risk to systems using vulnerable versions of Qiskit. Prompt action is necessary to update Qiskit and consider patching symengine to prevent potential denial-of-service attacks. Implementing checks for potentially vulnerable QPY files can also help mitigate this risk.

