A critical vulnerability in ESA AnomalyMatch before version 1.3.1 allows attackers to execute arbitrary code through crafted model checkpoint files. The vulnerability stems from the use of torch.load() with unrestricted deserialization when loading model files from session directories. This unsafe deserialization flaw can be exploited by attackers who can provide malicious model checkpoint files to the application. The vulnerability affects the core functionality of the machine learning components that handle model loading operations.