CVE-2025-70560

HIGH

Jwohlwend Boltz - Insecure Deserialization

Title source: rule

Description

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achieve arbitrary code execution when the file is loaded.
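One way to triage the files in such a directory before anything loads them, as an added example that is not part of this advisory or of Boltz's own code: it walks each pickle's opcodes with `pickletools`, so nothing is deserialized, and reports every imported global outside an allowlist. The `ALLOWED` entry, the `*.pkl` pattern and the function names are assumptions made for illustration.

```python
import pickletools
from pathlib import Path

# Constructed placeholder allowlist: replace with the exact "module.name"
# entries that molecule files from a trusted source are known to import.
ALLOWED = {"collections.OrderedDict"}

_STRINGS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
_PUTS = {"BINPUT", "LONG_BINPUT", "PUT"}
_GETS = {"BINGET", "LONG_BINGET", "GET"}

def imported_globals(data: bytes) -> set:
    """List every global a pickle would import, without deserializing it."""
    found, recent, memo = set(), [], {}
    for op, arg, _pos in pickletools.genops(data):
        name = op.name
        if name in _STRINGS:
            recent.append(arg)
        elif name == "MEMOIZE" or name in _PUTS:
            key = len(memo) if name == "MEMOIZE" else arg
            memo[key] = recent[-1] if recent else None
        elif name in _GETS:
            recent.append(memo.get(arg))
        else:
            if name in ("GLOBAL", "INST"):
                found.add(arg.replace(" ", ".", 1))  # arg is "module name"
            elif name == "STACK_GLOBAL":
                mod, attr = ([None, None] + recent)[-2:]  # two values pushed just before
                both = isinstance(mod, str) and isinstance(attr, str)
                found.add(f"{mod}.{attr}" if both else "<unresolved>")
            elif name.startswith("EXT"):
                found.add("<unresolved>")  # copyreg extension registry lookup
            recent.append(None)  # any other opcode breaks the string run
    return found

def disallowed(data: bytes) -> list:
    return sorted(g for g in imported_globals(data) if g not in ALLOWED)

def scan_dir(root) -> dict:
    """Map each *.pkl under root to the globals that are not allowlisted."""
    report = {}
    for path in Path(root).rglob("*.pkl"):
        try:
            bad = disallowed(path.read_bytes())
        except Exception as exc:  # truncated file or not a pickle
            bad = [f"<unparseable: {exc}>"]
        if bad:
            report[str(path)] = bad
    return report
```

Anything the walker cannot resolve with certainty is reported as `<unresolved>` rather than passed, so it errs toward flagging a file for review.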

Scores

CVSS v3 8.4
EPSS 0.0006
EPSS Percentile 19.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE CWE-502
Status published

Affected Products (2)

jwohlwend/boltz
pypi/boltz PyPI

Timeline

Published Feb 03, 2026
Tracked Since Feb 18, 2026