Uploaded a "Picture" — Opened SSH: Hackers Manipulate Markets Through Fake Dashboards

Every uploaded file had the potential to trigger massive market manipulation.

Streamlit, a popular open-source framework used to build data analytics and machine learning web apps, was found to contain a critical vulnerability in its file upload component. This flaw — stemming from the lack of server-side validation — exposed cloud infrastructure to compromise and unauthorized access, including sensitive financial dashboards.
The vulnerability was discovered in February 2025 by the application security research team at Cato Networks. They demonstrated how attackers could bypass the file type restrictions in the built-in st.file_uploader widget by tampering with file metadata during transmission, ultimately uploading malicious content to the server.
Although Streamlit’s documentation claimed to enforce file type restrictions, the actual validation was performed only on the client side using JavaScript — making it trivial to bypass with traffic interception tools like Burp Suite.
Real-Time Manipulation and Financial Risk
Cato Networks showcased an attack scenario where compromised Streamlit apps could be used to alter or spoof data in real time. Notably, they described how attackers could manipulate financial dashboards that displayed stock quotes or market analytics. This could influence trader behavior and potentially cause widespread market distortions.
Once attackers gained access to a vulnerable cloud server, they could write arbitrary files, including critical system files like authorized_keys — effectively granting themselves persistent SSH access. They also demonstrated directory traversal attacks, which could be used to overwrite or exfiltrate sensitive cloud data stored in unprotected locations.
Streamlit's Response: Update Released, But No CVE
Streamlit acknowledged the issue and released version 1.43.2 on March 11, 2025, which added server-side file type checks. However, the company did not assign a CVE identifier, arguing that the flaw was due to application developers misusing the platform — a claim Cato Networks strongly disputes.
According to the researchers, developers were misled by Streamlit’s documentation and interface, which implied security that didn’t exist. In their view, the platform provider bears responsibility for failing to implement proper server-side controls by default.
A Warning for the Open Source Ecosystem
This incident underscores the critical importance of secure defaults and proper validation in widely used frameworks — particularly those embedded in sensitive environments, from healthcare analytics to algorithmic trading platforms.
Given that Streamlit is owned by Snowflake and often deployed in cloud infrastructures, the potential impact of such a vulnerability was significant.
Recommended Actions
Organizations using Streamlit in production are strongly advised to:
- Update to version 1.43.2 or higher immediately
- Implement server-side file validation regardless of client-side settings
- Enforce network restrictions for upload endpoints
- Deploy access control and anomaly detection for runtime monitoring
These steps will help mitigate the risk of similar attacks, especially as threats against the open-source ecosystem continue to grow in both complexity and frequency.
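The server-side validation the list above calls for, as an added example (not Streamlit's own code and not Cato's proof of concept): it trusts nothing the browser sent, checks the extension against an allow-list, verifies the file signature in the bytes themselves, and confines the write path to the upload directory. It assumes a Streamlit caller would pass `uploaded.name` and `uploaded.getvalue()` from the `st.file_uploader` result.

```python
import os
from pathlib import Path

# Allow-listed extensions and the file signature (magic bytes) each must start with.
# An empty tuple means "no binary signature": the content is checked as text instead.
SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".csv": (),
}

class UploadRejected(ValueError):
    """Raised when an upload fails server-side validation."""

def validate_upload(filename: str, data: bytes, allowed: frozenset = frozenset(SIGNATURES)) -> str:
    """Return the sanitized base name if the upload is acceptable, else raise UploadRejected.

    Nothing sent by the client (filename, Content-Type, the JS widget's filter) is trusted:
    the extension is checked against an allow-list and the bytes against that extension's signature.
    """
    base = os.path.basename(filename.replace("\\", "/"))  # drop any directory component
    if base in ("", ".", "..") or "\x00" in base:
        raise UploadRejected("invalid filename")
    ext = Path(base).suffix.lower()
    if ext not in allowed or ext not in SIGNATURES:
        raise UploadRejected(f"extension not allowed: {ext or '(none)'}")
    sigs = SIGNATURES[ext]
    if sigs:
        if not any(data.startswith(sig) for sig in sigs):
            raise UploadRejected(f"content does not match the {ext} signature")
    else:
        # Text formats: must be valid UTF-8 and contain no NUL bytes (typical of binaries).
        if b"\x00" in data:
            raise UploadRejected("binary content in a text upload")
        try:
            data.decode("utf-8")
        except UnicodeDecodeError as exc:
            raise UploadRejected("text upload is not UTF-8") from exc
    return base

def safe_destination(upload_dir: str, filename: str) -> Path:
    """Resolve the final path and confirm it stays directly inside upload_dir (blocks traversal)."""
    root = Path(upload_dir).resolve()
    dest = (root / filename).resolve()
    if dest.parent != root:
        raise UploadRejected("path escapes the upload directory")
    return dest
```

Both checks run before any byte touches disk, so a renamed binary or a traversal-style filename never reaches the filesystem regardless of what the widget's client-side filter allowed.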