CVE-2025-70560 is an insecure deserialization vulnerability found in Boltz version 2.0.0, specifically in its molecule loading functionality. Boltz uses Python's pickle module to deserialize molecule data files, but it does so without validating the contents of these files. Python pickle is known to be unsafe when handling untrusted data because it can execute arbitrary code during deserialization. An attacker who can place a crafted malicious pickle file in any directory that Boltz processes can trigger arbitrary code execution when the application loads this file. The vulnerability does not require any user interaction or privileges, but the attacker must have the ability to write files to the target directory, which implies local or network file system access. The vulnerability is categorized under CWE-502 (Deserialization of Untrusted Data). The CVSS v3.1 base score is 8.4 (high), reflecting the high impact on confidentiality, integrity, and availability, combined with low attack complexity and no required privileges or user interaction. No patches or fixes are currently linked, and no known exploits have been reported in the wild as of the publication date. This vulnerability poses a significant risk to environments where Boltz is used for chemical or molecular data processing, potentially allowing attackers to execute arbitrary commands, steal sensitive data, or disrupt operations.

The impact of CVE-2025-70560 is severe for organizations using Boltz 2.0.0, especially in scientific research, chemical analysis, and pharmaceutical industries where molecular data processing is critical. Successful exploitation leads to arbitrary code execution, which can result in full system compromise, data theft, manipulation of scientific results, or denial of service. Because the vulnerability affects confidentiality, integrity, and availability, attackers can exfiltrate sensitive intellectual property, alter or corrupt molecular data, or disrupt critical workflows. The requirement for the attacker to place a malicious file limits remote exploitation but does not eliminate risk in environments where file system access can be gained through other means, such as compromised credentials or network shares. The lack of available patches increases the urgency for mitigation. Organizations worldwide relying on Boltz for molecular computations face potential operational and reputational damage if exploited.

To mitigate CVE-2025-70560, organizations should immediately restrict write permissions to directories processed by Boltz to trusted users only, minimizing the risk of malicious file placement. Implement network segmentation and access controls to limit who can write to these directories, especially over network shares. Consider running Boltz in a sandboxed or containerized environment with minimal privileges to contain potential exploitation. Monitor file system activity for unexpected or suspicious pickle files. If possible, replace or modify the molecule loading functionality to avoid using Python pickle for deserialization or implement strict validation and allowlisting of deserialized data. Stay alert for official patches or updates from Boltz developers and apply them promptly once available. Additionally, conduct regular security audits and penetration testing focused on file handling and deserialization vulnerabilities in scientific software environments.