CVE-2025-70560

Name of the Vulnerable Software and Affected Versions Boltz version 2.0.0

Description The software contains an insecure deserialization issue in its molecule loading functionality. It utilizes Python pickle to deserialize molecule data files without proper validation. An attacker capable of placing a malicious pickle file in a directory processed by the application can achieve arbitrary code execution when the file is loaded. The application uses the pickle module to deserialize data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.