| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| mindsdb | pip | >= 23.3.2.0, <= 24.9.2.1 | |
The vulnerability stems from unsafe deserialization via pickle.loads in the decode() function. The HiddenLayer advisory specifically references lines 54-55 in proc_wrapper.py, where pickle.loads is applied to the input without any validation. This matches the CWE-502 pattern, in which deserializing untrusted data leads to remote code execution. The code context shows that decode() is part of the BYOM (bring-your-own-model) handling flow, where user-controlled models are processed, which makes this the primary attack vector.
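To make the CWE-502 point concrete, the following added example (not MindsDB code and not from the HiddenLayer advisory) puts the unvalidated `pickle.loads` pattern next to two defensive alternatives: a `pickle.Unpickler` subclass whose `find_class` hook rejects every global reference that is not on an explicit allowlist, and a `pickletools`-based scanner that lists the globals a stream would import without executing it, which is useful for checking an uploaded model file before it is ever loaded. The function names, the `allowed` parameter and the two sample payloads are constructed for this illustration.

```python
import collections
import io
import pickle
import pickletools


def unsafe_decode(data: bytes):
    """The pattern the advisory describes: the stream is trusted unconditionally.

    Any GLOBAL/STACK_GLOBAL opcode in `data` resolves to an importable callable,
    so whoever controls the bytes controls what runs during deserialization.
    """
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only resolves (module, name) pairs on an allowlist.

    find_class is the documented hook pickle calls for every global reference;
    refusing unknown names here blocks the code-execution path of CWE-502.
    """

    def __init__(self, stream, allowed=frozenset()):
        super().__init__(stream)
        self.allowed = frozenset(allowed)

    def find_class(self, module, name):
        if (module, name) in self.allowed:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve global {module}.{name}")


def safe_decode(data: bytes, allowed=frozenset()):
    """Return (value, None) on success or (None, reason) when a global is rejected."""
    try:
        return RestrictedUnpickler(io.BytesIO(data), allowed=allowed).load(), None
    except pickle.UnpicklingError as exc:
        return None, str(exc)


def referenced_globals(data: bytes):
    """List (module, name) pairs a pickle stream would import, without loading it.

    Protocol <= 3 encodes the pair in the GLOBAL opcode itself; protocol 4+ pushes
    two strings and then emits STACK_GLOBAL, so the last two string operands are
    tracked to recover the pair. Suitable as a pre-load check on model artifacts.
    """
    found = []
    recent = []  # last two string operands seen, for STACK_GLOBAL
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            recent = (recent + [arg])[-2:]
        elif op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL" and len(recent) == 2:
            found.append((recent[0], recent[1]))
    return found


# Constructed sample payloads (not taken from any real model file):
# plain data that needs no global lookups at all ...
BENIGN_PAYLOAD = pickle.dumps({"weights": [0.1, 0.2], "name": "m"})
# ... and an object whose stream references collections.OrderedDict, standing in
# for any global a caller did not explicitly decide to trust.
GLOBAL_REF_PAYLOAD = pickle.dumps(collections.OrderedDict(a=1))


if __name__ == "__main__":
    print("benign references:", referenced_globals(BENIGN_PAYLOAD))
    print("global-ref references:", referenced_globals(GLOBAL_REF_PAYLOAD))
    print("restricted load of benign:", safe_decode(BENIGN_PAYLOAD))
    print("restricted load of global-ref:", safe_decode(GLOBAL_REF_PAYLOAD))
```

The allowlist is a mitigation for code that must keep accepting pickle; where the payload is plain data, a format that cannot express code (JSON, or a tensor-only format for model weights) removes the deserialization risk entirely rather than narrowing it.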