CVE-2025-59159
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-06

Last updated on: 2025-10-08

Assigner: GitHub, Inc.

Description
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior to 1.13.4, the web user interface for SillyTavern is susceptible to DNS rebinding, allowing attackers to perform actions like install malicious extensions, read chats, inject arbitrary HTML for phishing attacks, etc. The vulnerability has been patched in the version 1.13.4 by introducing a server configuration setting that enables a validation of host names in inbound HTTP requests according to the provided list of allowed hosts: `hostWhitelist.enabled` in config.yaml file or `SILLYTAVERN_HOSTWHITELIST_ENABLED` environment variable. While the setting is disabled by default to honor a wide variety of existing user configurations and maintain backwards compatibility, existing and new users are encouraged to review their server configurations and apply necessary changes to their setup, especially if hosting over the local network while not using SSL.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-06
Last Modified
2025-10-08
Generated
2026-05-07
AI Q&A
2025-10-06
EPSS Evaluated
2026-05-05
NVD
CVE-2025-59159
EUVD
EUVD-2025-32145
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
sillytavern sillytavern 1.13.3
sillytavern sillytavern 1.13.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-346 The product does not properly verify that the source of data or communication is valid.
CWE-940 The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is coming from the expected origin.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-59159 is a DNS rebinding vulnerability in the SillyTavern web user interface versions prior to 1.13.4. This vulnerability allows attackers to bypass browser security policies by tricking the victim's browser into resolving the SillyTavern server's DNS to localhost (127.0.0.1). As a result, attackers can perform unauthorized actions such as installing malicious extensions, reading user chats, and injecting arbitrary HTML for phishing attacks. The root cause is improper validation of the origin and host headers, allowing malicious requests to be accepted by the server. The vulnerability is patched in version 1.13.4 by adding a host whitelisting feature that validates incoming HTTP request hostnames against a configured list of allowed hosts. [4, 3]


How can this vulnerability impact me? :

This vulnerability can have severe impacts including unauthorized remote attackers gaining full control over a SillyTavern instance running locally or on a local network. Attackers can read sensitive user chats, inject malicious HTML content to conduct phishing attacks, install harmful extensions, and compromise the confidentiality, integrity, and availability of the system. Since no privileges are required and only user interaction (visiting a malicious website) is needed, the risk is high. Exploitation can lead to data loss, unauthorized data access, and potential system compromise. [4, 1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

To detect exploitation attempts or suspicious activity related to CVE-2025-59159 on your SillyTavern instance, you should regularly monitor the server's access logs and console output for unusual incoming requests, especially those with unexpected Host headers or originating from untrusted IP addresses. The host whitelisting feature can be enabled in scan mode (`hostWhitelist.scan`) to log warnings about unrecognized hosts without blocking them, helping identify potential DNS rebinding attempts. Checking the access.log file and server console logs for repeated requests from suspicious sources or unusual user agents is recommended. While no specific commands are provided in the resources, typical commands to view logs on a Linux system might include `tail -f access.log` or `journalctl -u sillytavern.service` if running as a service. Additionally, network monitoring tools or packet capture utilities (e.g., tcpdump, Wireshark) can be used to observe traffic patterns targeting the SillyTavern server port (default 8000). [1, 3, 4]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps for CVE-2025-59159 include: 1) Upgrade SillyTavern to version 1.13.4 or later, where the vulnerability is patched. 2) Enable host whitelisting by setting `hostWhitelist.enabled` to true in the `config.yaml` file or by setting the environment variable `SILLYTAVERN_HOSTWHITELIST_ENABLED=true`. Configure the `hostWhitelist.hosts` list to include only trusted hostnames. 3) Use SSL/TLS encryption for your SillyTavern server, either via built-in SSL support or by deploying a reverse proxy (e.g., Traefik or Caddy) with proper TLS certificates. 4) Restrict network access using firewalls and IP whitelisting to limit connections to trusted IP ranges. 5) Enable basic authentication or external authentication services to protect access. 6) Avoid exposing the SillyTavern instance directly to the public internet without additional protections such as VPNs or tunneling services (Cloudflare Zero Trust, ngrok, Tailscale). 7) Regularly monitor logs for suspicious activity. These steps collectively reduce the risk of DNS rebinding attacks and unauthorized access. [1, 2, 3, 4, 5]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart