1. Home
  2. CVE Database
  3. CVE-2025-70560
HIGH · 8.4

CVE-2025-70560

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attac...

Vulnerability Description

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achieve arbitrary code execution when the file is loaded.

CVSS Score

8.4

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
JwohlwendBoltz2.0.0

Related Weaknesses (CWE)

CWE-502

References

FAQ

What is CVE-2025-70560?

CVE-2025-70560 is a vulnerability with a CVSS score of 8.4 (HIGH). Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attac...

How severe is CVE-2025-70560?

CVE-2025-70560 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-70560?

Check the references section above for vendor advisories and patch information. Affected products include: Jwohlwend Boltz.