PT-2025-40903 · Unknown · Sillytavern

Atom1Cbyte · Published 2025-09-13 · Updated 2025-10-08 · CVE-2025-59159

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
(Note: UI:R reflects that the victim must open an attacker-controlled page; this vector evaluates to 9.6 under the CVSS v3.1 formula.)
Name of the Vulnerable Software and Affected Versions: SillyTavern versions prior to 1.13.4
Description: SillyTavern is a locally installed web user interface for interacting with large language models, image generation engines, and text-to-speech models. In versions prior to 1.13.4 the web UI is susceptible to DNS rebinding. The attacker hosts a malicious HTML page on a domain they control and lures the user into opening it; once the page has loaded, the attacker's DNS server re-resolves that domain (using a very short TTL) to the loopback or LAN address on which SillyTavern listens. The browser's same-origin policy still considers the attacker's domain the origin, so requests the page makes to that hostname are delivered to the local SillyTavern server as if they were same-origin. Because the server did not check which host name an inbound request was addressed to, the page can call the SillyTavern API freely: install malicious extensions, read chats, and inject arbitrary HTML for phishing, which amounts to remote-code-execution-like control over the user's SillyTavern instance. The issue was fixed in version 1.13.4 by introducing a server configuration setting that validates the host name of inbound HTTP requests against a whitelist of allowed hosts. The setting is controlled by hostWhitelist.enabled in config.yaml or by the SILLYTAVERN_HOSTWHITELIST_ENABLED environment variable.
Recommendations: Update to SillyTavern version 1.13.4 or later, then enable host-name validation by setting hostWhitelist.enabled to true in config.yaml or setting the SILLYTAVERN_HOSTWHITELIST_ENABLED environment variable (for example to true); updating alone only makes the check available. To confirm the check is active, send a request to the local instance with a foreign Host header, e.g. curl -H 'Host: attacker.example' http://127.0.0.1:8000/ (adjust the port to your instance): a protected server rejects it, while a request with Host: localhost:8000 is still served.
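The following is an added example, not SillyTavern's own code, of the kind of Host-header allowlist check the 1.13.4 fix introduces. It is framework-independent Node.js: parseHostHeader splits a Host value into name and port (including bracketed IPv6), isHostAllowed accepts loopback names plus a configured list, and hostWhitelistMiddleware shows where the check sits in a Connect/Express-style request pipeline. The config shape ({ enabled, hosts }), the loopback defaults, the 403 response and the sample requests are assumptions made for this illustration and are not the project's real configuration or behaviour.

```javascript
// Added example (not SillyTavern's code): reject requests whose Host header does not
// name this server. DNS rebinding delivers a request to the local server while the
// browser still sends the attacker's hostname in Host; checking Host breaks the attack.

// Assumption: names a localhost-only install should always answer to.
const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]']);

// Split a Host header into { host, port }. Returns null for anything malformed so the
// caller fails closed instead of guessing.
function parseHostHeader(value) {
  if (typeof value !== 'string' || value.length === 0) return null;
  const v = value.trim().toLowerCase();
  // Bracketed IPv6 literal, e.g. "[::1]:8000".
  let m = v.match(/^(\[[0-9a-f:.]+\])(?::(\d{1,5}))?$/);
  if (m) return { host: m[1], port: m[2] ? Number(m[2]) : null };
  // Hostname or IPv4 literal, e.g. "example.com:8000" or "127.0.0.1".
  m = v.match(/^([a-z0-9.-]+)(?::(\d{1,5}))?$/);
  if (m) return { host: m[1], port: m[2] ? Number(m[2]) : null };
  return null;
}

// config = { enabled: boolean, hosts: string[] } (assumed shape for this example).
function isHostAllowed(hostHeader, config) {
  if (!config.enabled) return true;          // allowlist off: the pre-fix behaviour
  const parsed = parseHostHeader(hostHeader);
  if (!parsed) return false;                 // missing or malformed Host: fail closed
  if (LOOPBACK_HOSTS.has(parsed.host)) return true;
  return config.hosts.some((h) => h.toLowerCase() === parsed.host);
}

// Connect/Express-style middleware: runs before any API route handler.
function hostWhitelistMiddleware(config) {
  return function (req, res, next) {
    if (isHostAllowed(req.headers.host, config)) return next();
    res.statusCode = 403;
    res.setHeader('Content-Type', 'text/plain');
    res.end('Forbidden: Host header not in allowlist\n');
  };
}

// Constructed request/response stand-ins so the middleware can be exercised offline.
// Returns the HTTP status the middleware would produce for a given Host header.
function simulate(hostHeader, config) {
  const req = { headers: { host: hostHeader } };
  let status = 200;
  const res = {
    statusCode: 200,
    setHeader() {},
    end() { status = this.statusCode; },
  };
  hostWhitelistMiddleware(config)(req, res, () => { status = 200; });
  return status;
}

// Constructed configuration: allowlist enabled, one extra name besides loopback.
const exampleConfig = { enabled: true, hosts: ['tavern.internal'] };

// Legitimate local request vs. a rebinding request where attacker.example now
// resolves to the local server but the browser still sends the attacker's name.
console.log('localhost:8000        ->', simulate('localhost:8000', exampleConfig));        // 200
console.log('attacker.example:8000 ->', simulate('attacker.example:8000', exampleConfig)); // 403
```

The check compares only the host part, so port changes do not matter, and it fails closed on an absent or malformed Host header. It protects against browser-mediated DNS rebinding only; it is not a substitute for binding the listener to 127.0.0.1 or for authentication on an instance exposed beyond the local machine.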

Tags: Exploit · Fix · RCE

Weakness Enumeration: Origin Validation Error (CWE-346)

Related Identifiers

BDU:2026-05186
CVE-2025-59159
GHSA-7CXJ-W27X-X78Q

Affected Products

Sillytavern