The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • Data Pipelines
      Security Data Pipeline for AI SIEM and Data Optimization
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2025-70560

CVE-2025-70560: Boltz 2.0.0 RCE Vulnerability

CVE-2025-70560 is a remote code execution vulnerability in Boltz 2.0.0 caused by insecure deserialization of pickle files. Attackers can execute arbitrary code by placing malicious files. This article covers technical details, impact, and mitigation.

Published: February 6, 2026

CVE-2025-70560 Overview

CVE-2025-70560 is an insecure deserialization vulnerability in Boltz 2.0.0, a Python-based application used for molecule loading functionality. The vulnerability exists because the application uses Python pickle to deserialize molecule data files without proper validation. An attacker who can place a malicious pickle file in a directory processed by Boltz can achieve arbitrary code execution when the file is loaded.

Critical Impact

Successful exploitation enables arbitrary code execution with the privileges of the application, potentially leading to complete system compromise, data exfiltration, or lateral movement within affected environments.

Affected Products

  • Boltz 2.0.0
  • Systems processing untrusted molecule data files with Boltz

Discovery Timeline

  • 2026-02-03 - CVE CVE-2025-70560 published to NVD
  • 2026-02-04 - Last updated in NVD database

Technical Details for CVE-2025-70560

Vulnerability Analysis

This vulnerability falls under CWE-502 (Deserialization of Untrusted Data), a well-documented class of security flaws that occurs when applications deserialize data from untrusted sources without adequate safeguards. In the case of Boltz 2.0.0, the molecule loading functionality utilizes Python's native pickle module to deserialize molecule data files.

Python's pickle module is inherently unsafe for processing untrusted data because it can execute arbitrary Python code during the deserialization process. When a pickle file is loaded, the __reduce__ method of contained objects can be exploited to execute system commands, import modules, or perform other malicious operations. The vulnerability requires local access to place a malicious file in a directory that Boltz processes, but once triggered, it provides full code execution capabilities.

Root Cause

The root cause of this vulnerability is the use of Python's pickle.load() or pickle.loads() functions on untrusted input without implementing any validation, sandboxing, or safe deserialization alternatives. The vulnerable code path exists in the mol.py file within the Boltz data handling module. The application trusts that all pickle files in processed directories are legitimate molecule data, creating an exploitation opportunity when an attacker can introduce malicious files.

Attack Vector

The attack requires local access to the system where Boltz is running. An attacker must be able to write a specially crafted pickle file to a directory that Boltz processes for molecule data. This could be achieved through:

  1. Direct file system access on a shared or multi-user system
  2. Exploiting another vulnerability that allows file upload or write operations
  3. Social engineering a user to download a malicious pickle file to a processed directory
  4. Supply chain attacks where malicious molecule data files are distributed through trusted channels

When Boltz processes the malicious pickle file, the embedded payload executes with the same privileges as the Boltz application, enabling arbitrary command execution, reverse shells, data theft, or further system compromise.

The vulnerable code pattern involves loading pickle files without validation. For technical details on the specific implementation, see the GitHub Code Analysis and the GitHub Issue #600 Discussion.

Detection Methods for CVE-2025-70560

Indicators of Compromise

  • Unexpected pickle files appearing in Boltz molecule data directories
  • Unusual process spawning from Boltz application processes
  • Anomalous network connections initiated by processes associated with Boltz
  • File system modifications or new file creations by the Boltz process outside normal operational paths

Detection Strategies

  • Monitor for file creation events in directories processed by Boltz, particularly files with .pkl, .pickle, or related extensions
  • Implement process monitoring to detect child processes spawned by the Boltz application that deviate from normal behavior
  • Deploy endpoint detection and response (EDR) solutions to identify pickle deserialization exploitation patterns
  • Enable Python runtime security monitoring to detect suspicious module imports or os.system() calls during deserialization

Monitoring Recommendations

  • Configure file integrity monitoring (FIM) on directories used by Boltz for molecule data processing
  • Implement application-level logging to track all file loading operations within Boltz
  • Set up alerts for unusual command execution patterns originating from Python processes running Boltz
  • Review and audit access controls on directories where Boltz reads molecule data files

How to Mitigate CVE-2025-70560

Immediate Actions Required

  • Audit all directories processed by Boltz 2.0.0 for unexpected or untrusted pickle files
  • Restrict write access to Boltz data directories to trusted users and processes only
  • Consider temporarily disabling Boltz or isolating systems running Boltz until a patch is available
  • Implement additional access controls and monitoring on systems running vulnerable versions

Patch Information

No official patch information is currently available in the CVE data. Users should monitor the GitHub Issue #600 Discussion for updates on a potential fix. Until a patch is released, implementing the recommended workarounds is critical to reducing exposure.

Workarounds

  • Implement strict file system permissions to prevent untrusted users from writing to directories processed by Boltz
  • Run Boltz in an isolated environment such as a container or sandbox to limit the impact of potential exploitation
  • Pre-validate all molecule data files before processing, rejecting any files that appear to be pickle format from untrusted sources
  • Consider using alternative serialization formats such as JSON or Protocol Buffers that do not allow code execution during deserialization
bash
# Example: Restrict write permissions on Boltz data directories
chmod 755 /path/to/boltz/data
chown root:boltz-users /path/to/boltz/data
# Remove write access for non-root users
chmod o-w /path/to/boltz/data
# Monitor for new files in the directory
inotifywait -m -e create /path/to/boltz/data

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeRCE
  • Vendor/TechBoltz
  • SeverityHIGH
  • CVSS Score8.4
  • EPSS Probability0.06%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityHigh
  • CWE References
  • CWE-502
  • Technical References
  • GitHub Code Analysis
  • GitHub Issue #600 Discussion
  • Latest CVEs
  • CVE-2025-9185: Mozilla Firefox RCE Vulnerability
  • CVE-2025-9184: Mozilla Firefox RCE Vulnerability
  • CVE-2025-9180: Mozilla Firefox Auth Bypass Vulnerability
  • CVE-2025-8030: Mozilla Firefox RCE Vulnerability
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English