Cyber Resilience

CVE-2025-70560

High

Published: 03 February 2026
Modified: 19 February 2026
KEV Added: not listed
CVSS Score v3.1: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0014 (3.9th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-70560 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Jwohlwend Boltz. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Python (T1059.006). The CVE ranks at the 3.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-70560 is an insecure deserialization vulnerability (CWE-502) in Boltz version 2.0.0, published on 2026-02-03. The issue affects the molecule loading functionality, where the application deserializes molecule data files using Python's pickle module without validation. This flaw has a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

An attacker with the ability to place a malicious pickle file in a directory processed by Boltz can exploit the vulnerability. Upon loading the file, the deserialization triggers arbitrary code execution on the host system running Boltz, with no privileges required and low attack complexity.

Advisories and related resources include the GitHub Security Advisory at GHSA-fjm6-8xp2-4fwc, the vulnerable code at github.com/jwohlwend/boltz/blob/cb04aeccdd480fd4db707f0bbafde538397fa2ac/src/boltz/data/mol.py#L80, and discussion in github.com/jwohlwend/boltz/issues/600.

Vulnerability details

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by Boltz can achieve arbitrary code execution when the file is loaded.

CWE(s)

CWE-502 Deserialization of Untrusted Data

Related Threats

MITRE ATT&CK Enterprise Techniques

T1059.006 Python Execution
Adversaries may abuse Python commands and scripts for execution.
Why these techniques?

Insecure pickle deserialization in Python directly enables arbitrary code execution via T1059.006.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-50460 (shared CWE-502)
CVE-2026-24186 (shared CWE-502)
CVE-2026-31219 (shared CWE-502)
CVE-2025-27780 (shared CWE-502)
CVE-2025-56005 (shared CWE-502)
CVE-2026-31223 (shared CWE-502)
CVE-2026-7584 (shared CWE-502)
CVE-2026-24150 (shared CWE-502)
CVE-2026-22609 (shared CWE-502)
CVE-2026-31234 (shared CWE-502)

Affected Assets

jwohlwend/boltz, version 2.0.0

Mitigating Controls (NIST 800-53 r5)

Prevent: SI-2 Flaw Remediation. Directly remediates the insecure deserialization flaw in Boltz by identifying, testing, and applying patches or updates to version 2.0.0.

Prevent: SI-10 Information Input Validation. Requires validation of untrusted molecule data files at input points before deserialization to block malicious Python pickle payloads.

Prevent: Verifies the integrity of molecule data files using cryptographic checks prior to loading, mitigating tampering that enables arbitrary code execution.
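The two preventive controls described above (validating molecule data files before deserialization, and checking their integrity first) as an added Python example; this is illustrative code written for this page, not Boltz's own loader. The allowlist of permitted types, the trusted-digest manifest entry and the sample molecule are all constructed for the example.

```python
import collections
import hashlib
import io
import pickle

# (module, name) pairs the loader may resolve. Constructed for this example;
# a real loader lists exactly the classes its molecule data model uses.
ALLOWED_GLOBALS = {("builtins", n) for n in
                   ("dict", "list", "tuple", "set", "frozenset", "str",
                    "int", "float", "bytes")}

class RestrictedUnpickler(pickle.Unpickler):
    """Refuse to resolve any global outside the allowlist (input validation)."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(
                f"disallowed global {module}.{name} in molecule pickle")
        return super().find_class(module, name)

def load_molecule(data: bytes, expected_sha256: str):
    """Deserialise a molecule file only if both controls pass."""
    # Integrity check first: a tampered or unknown file never reaches pickle.
    if hashlib.sha256(data).hexdigest() != expected_sha256:
        raise ValueError("molecule file failed integrity check")
    return RestrictedUnpickler(io.BytesIO(data)).load()

def try_load_molecule(data: bytes, expected_sha256: str):
    """Return ('ok', molecule) or ('rejected', reason) instead of raising."""
    try:
        return "ok", load_molecule(data, expected_sha256)
    except (ValueError, pickle.UnpicklingError) as exc:
        return "rejected", str(exc)

def demo():
    """Run the loader over three constructed inputs and return the outcomes."""
    mol = {"name": "water", "atoms": ["O", "H", "H"]}      # constructed sample
    good = pickle.dumps(mol)
    digest = hashlib.sha256(good).hexdigest()              # trusted manifest entry
    tampered = good[:-1] + b"\x00"                         # one byte altered
    # References a class outside the allowlist; nothing runs, policy still rejects it.
    foreign = pickle.dumps(collections.OrderedDict)
    return {
        "good": try_load_molecule(good, digest),
        "tampered": try_load_molecule(tampered, digest),
        "foreign": try_load_molecule(foreign, hashlib.sha256(foreign).hexdigest()),
    }

if __name__ == "__main__":
    print(demo())
```

The allowlist narrows what a pickle can reference but does not make pickle safe for untrusted input on its own; the integrity check against a trusted manifest is what keeps unknown files out of the deserializer entirely.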
