CVE-2025-70560
Unknown Unknown - Not Provided
Insecure Deserialization in Boltz 2.0.0 Enables Code Execution

Publication date: 2026-02-03

Last updated on: 2026-02-19

Assigner: MITRE

Description
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achieve arbitrary code execution when the file is loaded.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-03
Last Modified
2026-02-19
Generated
2026-06-16
AI Q&A
2026-02-04
EPSS Evaluated
2026-06-15
NVD
CVE-2025-70560
EUVD
EUVD-2025-206702
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
jwohlwend boltz 2.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python's pickle module to deserialize molecule data files without validating their contents.

This means that if an attacker can place a malicious pickle file in a directory that Boltz processes, the application will deserialize this file and execute arbitrary code embedded within it.

Impact Analysis

An attacker who can place a malicious pickle file in a directory processed by Boltz can achieve arbitrary code execution on the system running the application.

This could lead to full system compromise, unauthorized access to sensitive data, disruption of services, or further attacks within the affected environment.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves insecure deserialization of Python pickle files in the molecule loading functionality of Boltz 2.0.0. Detection would involve identifying the presence of malicious or unexpected pickle files in directories processed by Boltz.'}, {'type': 'paragraph', 'content': 'Since the vulnerability arises when Boltz loads pickle files without validation, you can detect potential exploitation attempts by monitoring for unusual or unauthorized pickle files in the relevant directories.'}, {'type': 'list_item', 'content': "Use file system commands to list and inspect pickle files in Boltz's data directories, for example: `find /path/to/boltz/data -name '*.pkl'` or `find /path/to/boltz/data -name '*.pickle'`."}, {'type': 'list_item', 'content': 'Check file creation and modification times to identify recent or suspicious pickle files: `ls -l --time=ctime /path/to/boltz/data/*.pkl`.'}, {'type': 'list_item', 'content': 'Monitor Boltz application logs (if available) for errors or unusual activity related to molecule loading.'}, {'type': 'paragraph', 'content': 'There are no specific commands or detection tools provided in the available resources.'}] [1, 2]

Mitigation Strategies

Immediate mitigation steps should focus on preventing the loading of untrusted or malicious pickle files by Boltz.

  • Restrict write permissions to directories where Boltz loads molecule pickle files to trusted users only.
  • Avoid placing or allowing untrusted pickle files in directories processed by Boltz.
  • If possible, disable or limit the use of Python pickle deserialization in Boltz until a secure patch or update is available.
  • Monitor for updates or patches from the Boltz project that address this insecure deserialization vulnerability.

No official patches or detailed mitigation instructions are provided in the available resources.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-70560. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart