A critical vulnerability in Streamlit, the popular open-source framework for building data applications, enables attackers to conduct cloud account takeover attacks.
The flaw, discovered in February 2025, exploits weaknesses in Streamlit’s st.file_uploader component to bypass file type restrictions and gain unauthorized access to cloud instances running Streamlit applications.
The vulnerability demonstrates how seemingly minor components can create significant security risks, particularly when deployed in misconfigured cloud environments.
Key Takeaways
1. Severe Streamlit bug enabling cloud account takeovers and financial data tampering.
2. Attackers could upload malicious files and gain unauthorized access.
3. Streamlit patched the issue.
Streamlit Vulnerability – Account Takeover Attacks
The vulnerability originates from improper file type enforcement in Streamlit’s file upload widget, where restrictions were only applied client-side through JavaScript without server-side validation.
Security researchers demonstrated how attackers could use proxy tools like Burp Suite to intercept upload requests and bypass frontend restrictions by modifying file extensions during transit.
The attack chain involves uploading malicious files disguised as legitimate ones, such as renaming malicious.exe to appear as a PDF file.
In their proof-of-concept demonstration, researchers showed how this could escalate to directory traversal attacks, where threat actors modify uploaded filenames to ../../.ssh/authorized_keys and overwrite critical system files with their SSH public keys.
This technique grants passwordless remote access to compromised cloud instances running Streamlit applications.
The technical exploitation follows a systematic approach: reconnaissance of publicly accessible Streamlit instances, request interception to alter file extensions and paths, authorized_keys file overwriting, SSH access establishment, cloud environment enumeration, and finally data pipeline manipulation.
The implications for financial institutions are particularly alarming, as Streamlit has become a go-to framework for building stock market dashboards, machine learning prototypes, and real-time financial data visualizations.
Cato Networks’ researchers showed how a compromised instance could be used to tamper with data-ingestion pipeline scripts, database values, and dashboard code, potentially leading to undetected market manipulation.
Such attacks could trigger cascading effects where automated trading systems respond to false signals, media sentiment shifts based on manipulated data, and investors follow fraudulent trends.
The researchers noted that “stock market dashboards may drive automated alerts, risk models, and internal strategy decisions, meaning the manipulation could trigger a chain reaction of portfolio adjustments”.
Streamlit acknowledged the vulnerability and released a patch in 1.43.2, introducing backend validation to enforce file-type restrictions.
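The backend validation the patch introduces can be illustrated with an added example that is not Streamlit’s own code: a pure-Python check that trusts neither the client-supplied filename nor its extension, rejects any path component, and requires the file content to carry the signature its extension claims. The allowlist, the `sanitize_filename` and `validate_upload` helpers, and the sample byte strings are all constructed for this example.

```python
import posixpath
from typing import Optional, Tuple

# Constructed server-side allowlist: permitted extension -> expected file signature.
ALLOWED_SIGNATURES = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
}


def sanitize_filename(name: str) -> Optional[str]:
    """Return a bare basename for storage, or None if the name is not a plain filename."""
    normalized = name.replace("\\", "/")
    base = posixpath.basename(normalized)
    # Anything carrying a directory component (e.g. '../../.ssh/authorized_keys'),
    # an empty name, a dot entry, or a leading dot (hidden files) is rejected.
    if base != normalized or base in ("", ".", "..") or base.startswith("."):
        return None
    return base


def validate_upload(name: str, data: bytes) -> Tuple[bool, str]:
    """Server-side decision on an upload; returns (accepted, reason_or_storage_name)."""
    base = sanitize_filename(name)
    if base is None:
        return False, "filename contains a path component or is not a plain name"
    ext = posixpath.splitext(base)[1].lower()
    if ext not in ALLOWED_SIGNATURES:
        return False, "extension %r is not allowed" % ext
    # A client-supplied extension proves nothing (a renamed executable is the
    # case in the article), so the bytes must match the declared type.
    if not data.startswith(ALLOWED_SIGNATURES[ext]):
        return False, "content does not match declared type %s" % ext
    return True, base


if __name__ == "__main__":
    # Constructed sample uploads: a genuine PDF, a renamed executable, a traversal name.
    samples = [
        ("report.pdf", b"%PDF-1.7\n%constructed"),
        ("malicious.pdf", b"MZ\x90\x00constructed-exe-bytes"),
        ("../../.ssh/authorized_keys", b"ssh-ed25519 AAAA constructed"),
    ]
    for filename, content in samples:
        print(filename, "->", validate_upload(filename, content))
```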
Cato Networks has updated its SASE Cloud Platform with enhanced threat prevention capabilities targeting unauthorized file upload bypass attempts and abnormal filename path detection.
Organizations are urged to ensure that cloud instances hosting web applications implement proper network restrictions and access controls.