Monday, April 27, 2026

New Streamlit Vulnerability Enables Cloud Account Takeover Attacks

A critical vulnerability in Streamlit’s file upload feature could enable attackers to execute cloud account takeover attacks on misconfigured instances.

The vulnerability, which stems from file type restrictions enforced only on the client side, was exploited in a proof-of-concept demonstration showing how financial market dashboards could be manipulated to influence stock prices.

The vulnerability centers on Streamlit’s st.file_uploader widget, which implements file type restrictions only on the client side through JavaScript validation.

At the time of testing in February 2025, the backend lacked server-side validation to enforce allowed file types, creating an arbitrary file upload vulnerability.

Attackers can exploit this vulnerability by intercepting upload requests using tools like Burp Suite and modifying the file extension during transit.

This technique allows malicious files to be uploaded while disguised as legitimate file types such as PDFs.
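The server-side check that was missing is straightforward to illustrate. The following is an added example written for this article, not Streamlit project code: a validation function an application developer can run on the uploaded file's name and bytes, so that the browser-side `type` filter is not the only control. The accepted formats, size limit and the Streamlit wiring shown in the trailing comment are assumptions of the example.

```python
import os

# Standard magic-byte signatures for the formats this dashboard accepts.
# (the allow-list of formats is constructed for this example)
SIGNATURES = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".csv": (),  # plain text: no signature, checked for UTF-8 decodability instead
}
MAX_BYTES = 10 * 1024 * 1024  # constructed size limit

def check_upload(filename, data, allowed=(".pdf", ".csv")):
    """Server-side check that does not trust the browser's type filter.

    Returns (True, safe_basename) or (False, reason). Checks, in order:
      1. size limit
      2. only the leaf name is used, so a path such as ../.ssh/authorized_keys
         sent by the client is never honoured
      3. extension is on the server-side allow-list
      4. the bytes match the extension (magic bytes, or decodable text for CSV)
    """
    if len(data) > MAX_BYTES:
        return False, "file too large"
    base = os.path.basename(filename.replace("\\", "/"))
    if not base or base.startswith("."):
        return False, "invalid file name"
    ext = os.path.splitext(base)[1].lower()
    if ext not in allowed or ext not in SIGNATURES:
        return False, f"extension {ext!r} not allowed"
    sigs = SIGNATURES[ext]
    if sigs:
        if not any(data.startswith(s) for s in sigs):
            return False, f"content is not a valid {ext} file"
    else:
        try:
            data.decode("utf-8")
        except UnicodeDecodeError:
            return False, "expected text content"
    return True, base

# In a Streamlit app (streamlit is not imported here so the example runs offline):
#   up = st.file_uploader("Report", type=["pdf", "csv"])   # UI filter only
#   ok, result = check_upload(up.name, up.getvalue())      # enforced server-side
```

A renamed extension on its own is no longer enough: the extension must be on the server's list and the bytes must look like that format, and any directory component in the client-supplied name is discarded before the name is used.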

When combined with directory traversal vulnerabilities in vulnerable applications, attackers can overwrite critical system files like .ssh/authorized_keys, enabling passwordless SSH access to cloud instances.

The exploit chain follows a predictable pattern: reconnaissance of publicly accessible Streamlit applications, bypassing file restrictions through request manipulation, overwriting system files with attacker-controlled content, gaining SSH access, and ultimately achieving full cloud account compromise with access to IAM roles and sensitive data.

Streamlit Vulnerability

Cato Networks demonstrated the vulnerability’s potential impact using a simulated financial dashboard scenario.

The researchers showed how attackers with cloud account access could manipulate stock market dashboards by altering data ingestion scripts, database values, or dashboard code without detection.

Illustration of Streamlit vulnerability exploitation.

In their proof-of-concept, the manipulation could trigger automated trading alerts and risk models, potentially causing traders to react to false signals.

This cascading effect might shift media sentiment and investor behavior, leading to temporary but damaging stock price drops that attackers could exploit through short selling strategies.

The demonstration highlighted how a simple file upload vulnerability could escalate into market manipulation affecting financial stability.

Timeline and Industry Response

The vulnerability was discovered by Cato Networks on February 21, 2025, with responsible disclosure initiated four days later.

Streamlit acknowledged the issue on February 27, 2025, and released a patch in version 1.43.2 on March 11, 2025, introducing backend validation to enforce file-type restrictions.

However, the disclosure process revealed disagreement about severity classification. While Cato Networks requested CVE classification on April 6, 2025, Streamlit maintained that the type parameter was designed primarily for UI filtering, placing responsibility for secure file handling on application developers.

Snyk independently published a security advisory on March 30, 2025, and assigned CVE-2025-1684 to the vulnerability. As of July 24, 2025, MITRE had not responded to Cato Networks’ CVE classification requests.

The vulnerability affects Streamlit versions prior to 1.43.2, impacting the widely used open-source framework that was acquired by Snowflake in March 2022 for $800 million.

Streamlit has become integral to data science workflows, powering machine learning prototypes, healthcare analytics dashboards, financial visualizations, and business intelligence tools across numerous organizations.


Ethan Brooks
Ethan Brooks is a Senior cybersecurity journalist passionate about threat intelligence and data privacy. His work highlights cyber attacks, hacking, security culture, and cybercrime with The Cyber News.
