CVE-2025-70560

HIGH 8.4

CVSS Score

8.4

EPSS Score

0.0%

EPSS Percentile

0th

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achieve arbitrary code execution when the file is loaded.

Vendor	n/a
Product	n/a
Published	Feb 3, 2026
Last Updated	Feb 19, 2026

Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new high vulnerabilities affecting n/a n/a are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / n/a

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/jwohlwend/boltz/issues/600 github.com: https://github.com/jwohlwend/boltz/blob/cb04aeccdd480fd4db707f0bbafde538397fa2ac/src/boltz/data/mol.py#L80 github.com: https://github.com/advisories/GHSA-fjm6-8xp2-4fwc