Impact
The Ludwig framework, in versions 0.10.4 and earlier, contains an insecure deserialization flaw in its predict() method. When a caller supplies a dataset file path, the framework infers the format from the file extension; a .pkl file is handed straight to pandas.read_pickle() with no validation or security checks. pandas.read_pickle() is a thin wrapper around the standard pickle module, and unpickling untrusted data invokes whatever callables the stream names (via __reduce__), so an attacker who can get a crafted pickle file loaded through predict() obtains arbitrary code execution on the system running the Ludwig prediction engine.
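The following is an added example, not Ludwig's or pandas' own code, reproducing the pattern described above: a loader that picks its reader from the file extension and hands .pkl files to pickle. The stdlib pickle module stands in for pandas.read_pickle() (which calls it internally), the function names, the CSV branch and the marker file are hypothetical, and the payload only opens a file so the demonstration is harmless. The hardened variant shows the two controls a practitioner would want: pickle input is rejected unless explicitly opted in, and even then it is loaded through an unpickler that refuses every global lookup.

```python
"""Added example: extension-based dataset loading that trusts .pkl files
(the Ludwig predict() pattern) beside a hardened loader. Uses stdlib pickle
in place of pandas.read_pickle() so it runs offline; names are hypothetical."""
import csv
import os
import pickle
import tempfile


class _Payload:
    """Attacker-controlled object. pickle stores the (callable, args) pair
    returned by __reduce__ and the unpickler calls callable(*args) on load.
    builtins.open is used here so the only effect is a marker file; a real
    payload would name os.system or subprocess.Popen instead."""

    def __init__(self, marker_path):
        self.marker_path = marker_path

    def __reduce__(self):
        return (open, (self.marker_path, "w"))


def build_malicious_pickle(pkl_path, marker_path):
    """Write the crafted .pkl an attacker would upload (constructed sample)."""
    with open(pkl_path, "wb") as fh:
        pickle.dump(_Payload(marker_path), fh)


def _read_csv(path):
    with open(path, newline="") as fh:
        return list(csv.DictReader(fh))


def load_dataset_vulnerable(path):
    """Format inferred from the extension; .pkl goes straight to pickle.load,
    mirroring the unchecked pandas.read_pickle() call in the advisory."""
    ext = os.path.splitext(path)[1].lower()
    if ext == ".csv":
        return _read_csv(path)
    if ext in (".pkl", ".pickle"):
        with open(path, "rb") as fh:
            return pickle.load(fh)  # attacker-chosen callable runs here
    raise ValueError(f"unsupported dataset format: {ext}")


class _RefuseUnpickler(pickle.Unpickler):
    """Rejects every global lookup, so no callable can be resolved and a
    __reduce__ payload cannot fire. Only primitive containers still load."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing global {module}.{name}")


def load_dataset_hardened(path, allow_pickle=False):
    """Same dispatch, but pickle is opt-in (operator-trusted paths only) and
    even then goes through the restricted unpickler."""
    ext = os.path.splitext(path)[1].lower()
    if ext == ".csv":
        return _read_csv(path)
    if ext in (".pkl", ".pickle"):
        if not allow_pickle:
            raise ValueError("pickle input rejected: untrusted dataset path")
        with open(path, "rb") as fh:
            return _RefuseUnpickler(fh).load()
    raise ValueError(f"unsupported dataset format: {ext}")


def demo():
    """Run both loaders against one crafted file and a benign CSV; returns
    a dict describing what each loader did."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        pkl = os.path.join(tmp, "dataset.pkl")
        marker = os.path.join(tmp, "pwned.marker")
        csv_path = os.path.join(tmp, "dataset.csv")
        build_malicious_pickle(pkl, marker)
        with open(csv_path, "w", newline="") as fh:  # constructed sample
            fh.write("feature,label\n1,yes\n2,no\n")

        loaded = load_dataset_vulnerable(pkl)  # fires open(marker, "w")
        results["vulnerable_ran_payload"] = os.path.exists(marker)
        if hasattr(loaded, "close"):
            loaded.close()
        os.remove(marker)

        try:
            load_dataset_hardened(pkl)
            results["hardened_default_refused"] = False
        except ValueError:
            results["hardened_default_refused"] = True

        try:
            load_dataset_hardened(pkl, allow_pickle=True)
            results["hardened_optin_refused"] = False
        except pickle.UnpicklingError:
            results["hardened_optin_refused"] = True
        results["hardened_ran_payload"] = os.path.exists(marker)
        results["csv_rows"] = len(load_dataset_hardened(csv_path))
    return results


if __name__ == "__main__":
    print(demo())
```

The restricted unpickler is a defence in depth, not a substitute for the allowlist: a DataFrame pickle needs pandas globals to load, so the only safe posture for user-supplied datasets is to refuse pickle entirely and accept text or columnar formats (CSV, Parquet) instead.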
Affected Systems
The vulnerability affects every installation of Ludwig 0.10.4 or earlier, regardless of hosting environment. Any deployment that exposes predict() and lets untrusted users control the dataset path, or the file it points to, can be exploited. Downstream packages that only ever pass Ludwig operator-controlled, non-pickle inputs are not reachable through this flaw, although the unchecked read_pickle() call is still present in their dependency.
Risk and Exploitability
The attack vector is remote wherever the predict endpoint accepts a user-supplied file or path over the network; the attacker only needs a crafted .pkl file to be read by predict(). No EPSS score is available and the vulnerability is not listed in the CISA KEV catalog, but pickle payloads are trivial to build with public tooling, so unpatched exposed deployments should be assumed exploitable. No CVSS score is assigned in the data; arbitrary code execution of this kind is ordinarily rated critical. The risk is therefore high for any system that runs a vulnerable Ludwig version and is reachable by untrusted users.
OpenCVE Enrichment