TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2025-70560

HIGH
8.4

Beschreibung

Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achieve arbitrary code execution when the file is loaded.

CVE Details

CVSS v3.1 Bewertung8.4
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht2/3/2026
Zuletzt geandert2/19/2026
Quellenvd
Honeypot-Sichtungen0

Betroffene Produkte

jwohlwend:boltz

Schwachen (CWE)

CWE-502

Referenzen

https://github.com/advisories/GHSA-fjm6-8xp2-4fwc(cve@mitre.org)
https://github.com/jwohlwend/boltz/blob/cb04aeccdd480fd4db707f0bbafde538397fa2ac/src/boltz/data/mol.py#L80(cve@mitre.org)
https://github.com/jwohlwend/boltz/issues/600(cve@mitre.org)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.