CVE-2025-70560
Insecure Deserialization in Boltz 2.0.0 Enables Code Execution
Publication date: 2026-02-03
Last updated on: 2026-02-19
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| jwohlwend | boltz | 2.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves insecure deserialization of Python pickle files in the molecule loading functionality of Boltz 2.0.0. Detection would involve identifying the presence of malicious or unexpected pickle files in directories processed by Boltz.
Since the vulnerability arises when Boltz loads pickle files without validation, you can detect potential exploitation attempts by monitoring for unusual or unauthorized pickle files in the relevant directories.
- Use file system commands to list and inspect pickle files in Boltz's data directories, for example: `find /path/to/boltz/data -name '*.pkl'` or `find /path/to/boltz/data -name '*.pickle'`.
- Check file creation and modification times to identify recent or suspicious pickle files: `ls -l --time=ctime /path/to/boltz/data/*.pkl`.
- Monitor Boltz application logs (if available) for errors or unusual activity related to molecule loading.
There are no specific commands or detection tools provided in the available resources. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps should focus on preventing the loading of untrusted or malicious pickle files by Boltz.
- Restrict write permissions to directories where Boltz loads molecule pickle files to trusted users only.
- Avoid placing or allowing untrusted pickle files in directories processed by Boltz.
- If possible, disable or limit the use of Python pickle deserialization in Boltz until a secure patch or update is available.
- Monitor for updates or patches from the Boltz project that address this insecure deserialization vulnerability.
No official patches or detailed mitigation instructions are provided in the available resources.
Can you explain this vulnerability to me?
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python's pickle module to deserialize molecule data files without validating their contents.
This means that if an attacker can place a malicious pickle file in a directory that Boltz processes, the application will deserialize this file and execute arbitrary code embedded within it.
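The detection and mitigation advice above, turned into code as an added example that is not part of the CVE record or of Boltz itself: a pickletools-based scan that lists the globals a `.pkl` file would import without deserializing it, and a restricted unpickler that refuses anything outside an allowlist. The allowlist (`ALLOWED_MODULES`), the sample inputs and all function names are assumptions made for this example.

```python
import collections
import fractions
import io
import pickle
import pickletools

# Assumed allowlist of modules a molecule pickle may reference (example assumption, not from Boltz).
ALLOWED_MODULES = frozenset({"builtins", "collections"})
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE", "STRING", "BINSTRING", "SHORT_BINSTRING"}

def scan_pickle(data: bytes, allowed=ALLOWED_MODULES):
    """List (module, name) globals the pickle would import that are not allowlisted.
    Walks the opcode stream with pickletools.genops and deserializes nothing. GLOBAL/INST
    carry "module name" in one argument; STACK_GLOBAL (protocol 4+) takes the two most
    recent string pushes, which may come back from the memo via BINGET. Triage only."""
    findings, strings, memo, last = [], [], {}, None
    for opcode, arg, _pos in pickletools.genops(data):
        op, module = opcode.name, None
        if op in STRING_OPS or op in ("GET", "BINGET", "LONG_BINGET"):
            last = arg if op in STRING_OPS else memo.get(arg)
            strings.append(last)
        elif op == "MEMOIZE":
            memo[len(memo)] = last
        elif op in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last
        else:
            if op in ("GLOBAL", "INST"):
                module, name = arg.split(" ", 1)
            elif op == "STACK_GLOBAL" and len(strings) >= 2:
                module, name = strings[-2], strings[-1]
            last = None  # anything else pushes a non-string or is control flow
            if module is not None and module not in allowed:
                findings.append((module, name))
    return findings

class RestrictedUnpickler(pickle.Unpickler):
    """Enforcement point: find_class runs for every global, so unlisted modules never resolve."""
    def find_class(self, module, name):
        if module in ALLOWED_MODULES:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")

def safe_loads(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()

# Constructed inputs: a plain record, an allowlisted class, and a pickle naming a
# module (fractions) the molecule format has no reason to need.
SAMPLES = {"plain": pickle.dumps({"atoms": ["C", "N", "O"], "bonds": [(0, 1)]}, protocol=4),
           "allowed": pickle.dumps(collections.OrderedDict(resid=1), protocol=4),
           "foreign": pickle.dumps(fractions.Fraction(1, 2), protocol=4)}
```

Run `scan_pickle` over every `*.pkl` the `find` commands above turn up and investigate any non-empty result; load data only through `safe_loads` once the allowlist matches what the format actually needs.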
How can this vulnerability impact me?
An attacker who can place a malicious pickle file in a directory processed by Boltz can achieve arbitrary code execution on the system running the application.
This could lead to full system compromise, unauthorized access to sensitive data, disruption of services, or further attacks within the affected environment.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know