Cato Networks to Demonstrate Streamlit Vulnerability at BSides Toronto 2025

September 25, 2025

Cato CTRL to showcase how an overlooked file upload flaw can create a high-impact attack surface in cloud environments

TEL AVIV, Israel, September 25, 2025 - Cato Networks, the SASE leader, today announced that Snir Aviv (application security researcher at Cato Networks and member of Cato CTRL) and Yuval Moravchick (application security research team leader at Cato Networks and member of Cato CTRL) will present at BSides Toronto 2025.

The session, “Weaponizing Streamlit: Cloud Account Takeover Through File Upload Exploitation” (Sunday, October 5 at 11:00 AM ET), will demonstrate a flaw in Streamlit’s file uploader widget that leads to a cloud account takeover attack as revealed in a recent Cato CTRL blog. This vulnerability, which was disclosed by Cato CTRL to Streamlit and patched, enables threat actors to bypass client-side file checks, perform arbitrary file uploads, and gain persistent access to cloud environments. 

“File upload flaws are often dismissed as minor issues,” said Snir Aviv, application security researcher at Cato Networks and member of Cato CTRL. “But in today’s cloud environments, these overlooked weaknesses can deliver total compromise. The goal with our research is to raise awareness and help the industry prioritize these risks before threat actors do.” 

“Enterprises need to rethink how they treat ‘low severity’ vulnerabilities,” said Yuval Moravchick, application security research team leader at Cato Networks and member of Cato CTRL. “In the wrong conditions, they can fuel devastating exploits. Our research underscores the urgent need for enterprises to prioritize defense-in-depth with their cloud environments.” 

To learn more about Cato’s threat intelligence team, visit the Cato CTRL page.

About Cato CTRL 

Cato CTRL (Cyber Threats Research Lab) is the world’s first CTI group to fuse threat intelligence with granular network insight, made possible by Cato’s global SASE platform. By bringing together dozens of former military intelligence analysts, researchers, data scientists, academics and industry-recognized security professionals, Cato CTRL utilizes network data, security stack data, hundreds of security feeds, human intelligence operations, AI (Artificial Intelligence), and ML (Machine Learning) to shed light on the latest cyber threats and threat actors. 

About Cato Networks

Cato Networks delivers enterprise security and networking in a single cloud platform. The SASE leader creates a seamless and elegant customer experience that effortlessly enables threat prevention, data protection, and timely incident detection and response. With Cato, organizations replace costly and rigid legacy infrastructure with an open and modular SASE architecture based on SD-WAN, a purpose-built global cloud network, and an embedded cloud-native security stack. 

Want to learn why thousands of organizations secure their future with Cato? Visit us at www.catonetworks.com

Media Contact 

Cato Communications 

press@catonetworks.com