Cato CTRL™ Threat Research: New Streamlit Vulnerability Enables Cloud Account Takeover Attack and Stock Market Dashboard Tampering 

Executive Summary 

Imagine financial analysts watching stock prices suddenly drop. Dashboards show misaligned data, market confidence disappears, and trading screens across the NASDAQ turn red. But this time, the disruption isn’t caused by politics or economic shifts. It starts with a cyberattack. We reveal how a simple and overlooked flaw in Streamlit’s file upload feature, part of a widely used open-source framework for building stock market dashboards, could be used to cause this kind of financial chaos. 

We recently discovered a vulnerability in Streamlit that allows threat actors to conduct a cloud account takeover attack. To do that, threat actors bypass file type restrictions and take full control of a misconfigured cloud instance running Streamlit applications. In our demonstration, we exploited this vulnerability on a cloud instance in a test environment configured with a Streamlit application from a publicly available image. This setup is common, easily accessible, and can sometimes lack strict access controls if not configured properly by organizations. Once compromised, such misconfigured cloud instances can:  

  • Expose sensitive cloud data;  
  • Allow the modification of backend files; and  
  • Provide control for tampering with financial data in a cloud account takeover attack, as demonstrated in our scenario where Streamlit is used to build stock market dashboards.  

Figure 1. Illustration of Streamlit vulnerability exploitation 

Streamlit (acquired by Snowflake in March 2022) has become a go-to open-source framework for rapidly building data applications, including machine learning (ML) prototypes, healthcare analytics dashboards, financial data visualizations, real-time threat monitors, and internal business tools. While our proof-of-concept (PoC) focused on a misconfigured cloud instance, we note that Streamlit is also integrated with other platforms, such as the option to deploy Streamlit applications in Snowflake. Although we did not attempt exploitation in those environments, the presence of this vulnerability in widely integrated components like Streamlit may contribute to a broader attack surface and raise potential concerns for supply chain security wherever the framework is used without proper safeguards.

Timeline & Disclosure 

  • February 21, 2025: Vulnerability discovered by the Application Security Research Team at Cato Networks. 
  • February 25, 2025: Responsible disclosure was initiated by Cato Networks via a pull request to the Streamlit maintainers. Full technical details and suggested remediations were also provided to Streamlit. 
  • February 27, 2025: Streamlit acknowledged the issue and confirmed that a fix was in progress. 
  • March 11, 2025: A patch was released in version 1.43.2, introducing backend validation to enforce file-type restrictions in st.file_uploader.  
  • April 6, 2025: Cato Networks requested a CVE classification from Streamlit. However, Streamlit did not consider it a security vulnerability, stating that the type parameter in st.file_uploader was designed primarily for user interface (UI) filtering and the responsibility for securely handling uploaded files rests with the developers implementing the Streamlit application. 
  • April 16, 2025 and July 6, 2025: Cato Networks submitted two cases to MITRE to request a CVE classification.  
  • July 24, 2025: As of the time of writing, MITRE has not responded to Cato Networks.  

We appreciate Streamlit’s efforts to address the vulnerability with a timely patch. 

To help mitigate this vulnerability, Cato has updated its threat prevention capabilities in the Cato SASE Cloud Platform with protections targeting the techniques used in this exploit chain, including: 

  • Detection of unauthorized file upload bypass attempts.  
  • Identification of abnormal filename paths and directory traversal patterns.



Technical Overview 

Cloud Account Takeover Demonstration Using Misconfigured Streamlit Deployment 

In the video demonstration below, we show how a seemingly simple file upload can lead to full cloud account access. From there, a threat actor could manipulate Streamlit-built stock market dashboards and potentially influence real-time stock market behavior, creating a scenario of widespread financial disruption. To simulate this, we used Streamlit to model a financial organization running an ML-powered stock market dashboard. The application was based on a preconfigured Streamlit image. In typical use, the application allows users to upload training data, launch model inference jobs, and visualize results such as stock price predictions or a portfolio performance monitoring dashboard. 

In our scenario, the threat actor discovers a publicly accessible Streamlit instance. The application was deployed directly on a cloud instance with a public IP address and without appropriate network access restrictions. This setup is unfortunately common in fast-paced data science environments where speed and experimentation often take priority over security controls. 

Assuming the following:  

  • The threat actor has full control over the cloud account;  
  • Stock market data is fetched and stored within that environment without external validation or effective monitoring to detect tampering; and  
  • Users rely on the displayed prices without cross-checking; then  
  • The threat actor could potentially alter ingestion pipeline scripts, database values, or dashboard code, leading to undetected manipulation. 

Such stock market dashboards may drive automated alerts, risk models, and internal strategy decisions, meaning the manipulation could trigger a chain reaction of portfolio adjustments. Traders might begin reacting to false signals, media sentiment could shift, and eventually, financial investors may follow the manipulated trend. This could result in a temporary but damaging drop in the targeted company’s stock, allowing the threat actor to short the stock and profit.  

As outlined in the shared responsibility model, the configuration of access controls, firewall rules, and other security measures within the customer environment falls under the customer’s responsibility. 

How a Simple Upload Can Manipulate a Stock Market Dashboard 

At the core of this exploit is st.file_uploader, a Streamlit widget designed to handle user file uploads. Developers often rely on the type parameter to limit accepted file types (such as PDFs), assuming it provides security enforcement. However, at the time of testing in February 2025, Streamlit applied this restriction only on the client side, with no server-side validation to enforce the allowed types. This created an arbitrary file upload vulnerability. 

 
Using an application security tool like Burp Suite to intercept and modify the upload request, a threat actor could bypass the frontend restriction by changing the file extension during transit and upload a malicious file disguised as a valid one. To demonstrate the potential consequences, we built an intentionally vulnerable application that included a directory traversal flaw. While this second vulnerability was not part of Streamlit itself, it allowed us to simulate a real-world scenario where the uploaded file could be written to a sensitive path, such as .ssh/authorized_keys, ultimately enabling remote shell access. 

 
The video demonstration above highlights how even a single weakness, when combined with common misconfigurations, can escalate into a critical security incident. What started as a convenient UI feature became a critical attack vector. When such applications run on cloud instances with attached Identity and Access Management (IAM) roles and access to cloud services, the vulnerability can be chained into full system compromise and cloud infrastructure exposure. 

Technical Breakdown: Behind the Vulnerability 

Improper File Type Enforcement in st.file_uploader 

  • What went wrong: Streamlit’s file-type restrictions were enforced only in the browser via JavaScript. 
  • The flaw: Backend logic failed to verify the file extension, trusting client-side behavior. 
  • The exploit: A threat actor intercepts the upload request and changes the file extension in transit, so that a malicious file (e.g., malicious.exe) is uploaded disguised as a PDF, completely bypassing the UI restriction. 

Directory Traversal + File Overwrite 

  • Step 1: Threat actor modifies the uploaded filename to ../../.ssh/authorized_keys 
  • Step 2: Uploads a file containing their public secure shell (SSH) key. 
  • Step 3: The cloud instance’s authorized_keys file is silently overwritten. 
  • Result: The threat actor now has passwordless SSH access. 
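
A server-side check covering the two weaknesses described above (client-only type enforcement and an unsanitized upload filename), added here as an example; it is not Streamlit's or Cato's code. The PDF-only policy, the function names and the sample inputs are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path, PurePosixPath, PureWindowsPath

# Assumed policy for this example: only PDFs are accepted.
ALLOWED = {".pdf": b"%PDF-"}  # extension -> required leading bytes


class UploadRejected(ValueError):
    """Raised when an upload fails server-side validation."""


def safe_destination(upload_dir, client_name, data):
    """Return where an upload may be written, or raise UploadRejected."""
    # client_name and data are attacker-controlled; in a Streamlit app they
    # would come from uploaded_file.name and uploaded_file.getvalue().
    # 1. The name must be a bare filename under POSIX and Windows rules.
    base = PureWindowsPath(PurePosixPath(client_name).name).name
    if "\x00" in client_name or base in ("", ".", "..") or base != client_name:
        raise UploadRejected(f"filename has path components: {client_name!r}")
    # 2. Extension allowlist, enforced on the server, not in the browser.
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    # 3. Content must start with the magic bytes of the declared type.
    if not data.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match declared type")
    # 4. Defense in depth: the resolved target must sit directly in upload_dir.
    root = Path(upload_dir).resolve()
    dest = (root / base).resolve()
    if dest.parent != root:
        raise UploadRejected("destination escapes upload directory")
    return dest


def verdict(upload_dir, client_name, data):
    """Map safe_destination() to a short string for logging or display."""
    try:
        return f"accepted: {safe_destination(upload_dir, client_name, data).name}"
    except UploadRejected as exc:
        return f"rejected: {exc}"


SAMPLE_PDF = b"%PDF-1.7\n% constructed sample\n"            # constructed input
SAMPLE_KEY = b"ssh-ed25519 AAAA-constructed-placeholder\n"  # constructed input

if __name__ == "__main__":
    for name, body in (("report.pdf", SAMPLE_PDF), ("malicious.exe", SAMPLE_PDF),
                       ("../../.ssh/authorized_keys", SAMPLE_KEY)):
        print(name, "->", verdict(tempfile.gettempdir(), name, body))
```

The check rejects traversal names outright instead of stripping them, so a tampered request shows up as a rejection in application logs instead of being silently written under a cleaned name.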

Full Exploit Flow 

Here’s how a threat actor escalates a frontend misconfiguration into complete system compromise, as shown in Figure 1. 

  1. Reconnaissance: Discover a Streamlit application deployed on a publicly accessible cloud instance with file upload capabilities. 
  2. Bypass: Use a proxy tool to intercept and manipulate the file upload request. Alter file extension and path. 
  3. Overwrite: Replace authorized_keys with threat actor-controlled SSH key. 
  4. Gain Access: SSH into the cloud machine using a private key. 
  5. Enumerate Cloud Environment: Access metadata, extract IAM roles, and list IAM users. 
  6. Financial Impact Potential: Intercept or modify data pipelines that power real-time stock market dashboards, database values, or dashboard code to influence trading behavior. 

Shared Responsibility 

The demonstration above was performed in a test environment to show how exploiting the Streamlit vulnerability in a misconfigured cloud instance can lead to a cloud account takeover attack. The vulnerability affects the application layer and does not involve flaws in the underlying cloud infrastructure. These types of outcomes are only possible when proper access controls and configurations are not enforced. 

In alignment with the shared responsibility model, customers are responsible for securing their cloud environments. This includes configuring network restrictions, managing file and directory permissions, and applying access controls around applications such as Streamlit. 

Conclusion 

Our discovery of this vulnerability in Streamlit highlights that even seemingly minor components, such as a file upload widget, can introduce security risks. Relying solely on client-side validation can lead to severe consequences. When such flaws exist in widely used frameworks, the potential impact grows rapidly, including the risk of supply chain exposure for platforms integrated with Streamlit or other open-source tools.  

Protections 

To help mitigate this vulnerability, Cato has updated its threat prevention capabilities in the Cato SASE Cloud Platform with protections targeting the techniques used in this exploit chain: 

  • Detection of unauthorized file upload bypass attempts.  
  • Identification of abnormal filename paths and directory traversal patterns.  

Customers should ensure that cloud instances hosting web applications are not publicly accessible without proper network restrictions, firewall policies, and identity access controls. Preventing these common misconfigurations is critical to reducing the risk of compromise, even when application-layer vulnerabilities exist. 

The post Cato CTRL™ Threat Research: New Streamlit Vulnerability Enables Cloud Account Takeover Attack and Stock Market Dashboard Tampering  appeared first on Cato Networks.
