Cyber Posture

CVE-2025-70560

High

Published: 03 February 2026
Modified: 19 February 2026
KEV Added:
Patch:
CVSS Score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0009 (26.2nd percentile)
Risk Priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-70560 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Jwohlwend Boltz. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Python (T1059.006). EPSS ranks this CVE at the 26.2nd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Python (T1059.006). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

prevent: Directly remediates the insecure deserialization flaw in Boltz by identifying, testing, and applying patches or updates to version 2.0.0.

prevent: Requires validation of untrusted molecule data files at input points before deserialization to block malicious Python pickle payloads.

prevent: Verifies the integrity of molecule data files using cryptographic checks prior to loading, mitigating tampering that enables arbitrary code execution.

MITRE ATT&CK Enterprise Techniques [AI]

T1059.006 Python Execution
Adversaries may abuse Python commands and scripts for execution.
Why these techniques?

Insecure pickle deserialization in Python directly enables arbitrary code execution via T1059.006.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achieve arbitrary code execution when the file is loaded.

Deeper analysis [AI]

CVE-2025-70560 is an insecure deserialization vulnerability (CWE-502) in Boltz version 2.0.0, published on 2026-02-03. The issue affects the molecule loading functionality, where the application deserializes molecule data files using Python's pickle module without validation. This flaw has a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

An attacker with the ability to place a malicious pickle file in a directory processed by Boltz can exploit the vulnerability. Upon loading the file, the deserialization triggers arbitrary code execution on the host system running Boltz, with no privileges required and low attack complexity.
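The two mitigations listed above (validate molecule files before deserialization, and verify their integrity cryptographically before loading) can be combined in a hardened loader. The following is an added example written for this page; it is not code from the Boltz project and does not model the classes Boltz actually serializes. It assumes a caller-supplied SHA-256 digest (for instance from a signed manifest) and a constructed allowlist of the only globals a molecule file is permitted to reference; the `RestrictedUnpickler` pattern overrides `find_class` so that any other class or function reference in the pickle stream is refused before it can be reconstructed.

```python
import collections
import hashlib
import hmac
import io
import pickle
from typing import Any

# Constructed allowlist for this example: the only (module, name) pairs a
# molecule file may reference. A real deployment would list the container
# classes its own format legitimately serializes (an assumption here).
ALLOWED_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("builtins", "tuple"),
    ("builtins", "set"),
    ("builtins", "frozenset"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global reference outside ALLOWED_GLOBALS.

    pickle resolves class/function references through find_class(), so this
    override is the choke point: a stream that tries to import anything else
    is rejected with UnpicklingError before any object is constructed.
    """

    def find_class(self, module: str, name: str) -> Any:
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"disallowed global {module}.{name}")


def safe_loads(data: bytes) -> Any:
    """Deserialize with the restricted unpickler instead of pickle.loads()."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def verify_digest(data: bytes, expected_sha256_hex: str) -> bool:
    """Constant-time comparison of the file's SHA-256 against the expected value."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_sha256_hex)


def load_molecule(data: bytes, expected_sha256_hex: str) -> Any:
    """Integrity check first, then restricted deserialization."""
    if not verify_digest(data, expected_sha256_hex):
        raise ValueError("molecule file digest mismatch; refusing to deserialize")
    return safe_loads(data)


def load_outcome(data: bytes, expected_sha256_hex: str) -> str:
    """Classify a load attempt as 'ok', 'integrity' (digest mismatch) or 'blocked'."""
    try:
        load_molecule(data, expected_sha256_hex)
        return "ok"
    except ValueError:
        return "integrity"
    except pickle.UnpicklingError:
        return "blocked"


# Constructed sample inputs (not real Boltz molecule files).
# A benign file: only builtin containers, so no global references at all.
BENIGN = pickle.dumps({"atoms": ["C", "N", "O"], "bonds": [(0, 1), (1, 2)]})
BENIGN_SHA256 = hashlib.sha256(BENIGN).hexdigest()

# A file that references a global outside the allowlist. OrderedDict is harmless,
# but it stands in for any object the loader has no reason to reconstruct.
UNEXPECTED = pickle.dumps(collections.OrderedDict(atoms=["C"]))
UNEXPECTED_SHA256 = hashlib.sha256(UNEXPECTED).hexdigest()


if __name__ == "__main__":
    print("benign file:", load_outcome(BENIGN, BENIGN_SHA256))
    print("unexpected global:", load_outcome(UNEXPECTED, UNEXPECTED_SHA256))
    print("tampered bytes:", load_outcome(BENIGN + b"\x00", BENIGN_SHA256))
```

The order matters: the digest is checked before any byte of the stream is interpreted, so a tampered file never reaches the unpickler, and the allowlist is a second layer for files whose provenance cannot be pinned by a digest. Where the producer controls the format, a non-executable serialization (JSON, or a schema-validated binary format) avoids pickle entirely and is the stronger choice.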

Advisories and related resources include the GitHub Security Advisory at GHSA-fjm6-8xp2-4fwc, the vulnerable code at github.com/jwohlwend/boltz/blob/cb04aeccdd480fd4db707f0bbafde538397fa2ac/src/boltz/data/mol.py#L80, and discussion in github.com/jwohlwend/boltz/issues/600.

Details

CWE(s)

Affected Products: jwohlwend boltz 2.0.0

CVEs Like This One

CVE-2025-62373 (shared CWE-502)
CVE-2025-27780 (shared CWE-502)
CVE-2026-3071 (shared CWE-502)
CVE-2024-9701 (shared CWE-502)
CVE-2026-24186 (shared CWE-502)
CVE-2025-24016 (shared CWE-502)
CVE-2026-22609 (shared CWE-502)
CVE-2026-26210 (shared CWE-502)
CVE-2025-2000 (shared CWE-502)
CVE-2026-22612 (shared CWE-502)

References