CVE-2025-59159
📋 TL;DR
SillyTavern versions before 1.13.4 did not validate the HTTP Host header and are vulnerable to DNS rebinding: a web page under the attacker's control re-points its own domain name at the victim's SillyTavern address after the page has loaded, so the browser treats requests to the instance as same-origin and the page can drive the API. This affects every user running a vulnerable version, particularly those hosting over a local network without SSL/TLS. Attackers could install malicious extensions, read private chats, or inject phishing content.
💻 Affected Systems
- SillyTavern
⚠️ Manual Verification Required
The vendor advisory lists only the fixed release (1.13.4) and no lower bound, so treat every earlier release as affected and confirm the running version yourself:
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the SillyTavern instance allowing attackers to install malicious extensions, steal all chat data, perform phishing attacks against users, and potentially gain further access to the host system.
Likely Case
Attackers reading private chat conversations and injecting malicious content for phishing or credential theft.
If Mitigated
Negligible once the instance runs 1.13.4 or later with host whitelisting enabled and the allowed-hosts list configured correctly; a rebinding page's requests then fail the Host check before reaching any API route.
🎯 Exploit Status
DNS rebinding is a well-known attack technique that can be automated. No public exploit code has been released but the attack pattern is documented.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.13.4
Vendor Advisory: https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-7cxj-w27x-x78q
Restart Required: Yes
Instructions:
1. Update SillyTavern to version 1.13.4 or later (the hostWhitelist option does not exist in earlier releases).
2. Enable host whitelisting by setting hostWhitelist.enabled: true in config.yaml, or set the SILLYTAVERN_HOSTWHITELIST_ENABLED=true environment variable.
3. Configure the allowed hosts list with every hostname and IP address (no scheme) that users type into the browser to reach the instance. A request whose Host header is not on the list is rejected, so a missing entry locks out legitimate users, not attackers.
4. Restart the SillyTavern service.
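The Host-header allowlist that the fix introduces, as an added Node.js example that is not SillyTavern's own code: the function names (normalizeHost, isAllowedHost, hostWhitelist, simulate), the middleware shape and the sample hostnames are assumptions made for the illustration. Loopback names are accepted unconditionally because a browser sitting on a rebinding page always sends the attacker's domain in Host, never localhost or 127.0.0.1.

```javascript
// Added example, not SillyTavern's own code: a Host-header allowlist of the
// kind that closes the DNS-rebinding hole. All names here are illustrative.

// Reduce a Host header value to a bare, lower-cased hostname: strip the
// optional :port and the [] around an IPv6 literal. Returns null for a
// missing or malformed value, which the caller treats as "not allowed".
function normalizeHost(hostHeader) {
  if (typeof hostHeader !== "string") return null;
  const h = hostHeader.trim();
  const v6 = /^\[([0-9a-fA-F:.]+)\](?::\d{1,5})?$/.exec(h);
  if (v6) return v6[1].toLowerCase();
  const named = /^([A-Za-z0-9.-]+)(?::\d{1,5})?$/.exec(h);
  return named ? named[1].toLowerCase() : null;
}

// Loopback names are always accepted so the person at the keyboard keeps
// working. This is safe: a browser on a rebinding page sends the attacker's
// domain in Host, never "localhost" or "127.0.0.1".
const LOOPBACK = new Set(["localhost", "127.0.0.1", "::1"]);

function isAllowedHost(hostHeader, allowedHosts) {
  const host = normalizeHost(hostHeader);
  if (host === null) return false;
  if (LOOPBACK.has(host)) return true;
  return allowedHosts.some((a) => a.toLowerCase() === host);
}

// Express-style middleware (req, res, next). Mounted before static files and
// API routes, it answers 403 to any request whose Host is not allowlisted, so
// the attacker's script gets an error page instead of the chat or extension API.
function hostWhitelist(allowedHosts) {
  return function (req, res, next) {
    if (isAllowedHost(req.headers.host, allowedHosts)) return next();
    res.statusCode = 403;
    res.setHeader("Content-Type", "text/plain");
    res.end("Forbidden: Host header is not in the whitelist\n");
  };
}

// Drive the middleware with a constructed request and report the status the
// client would see (200 means the request was passed through to next()).
function simulate(hostHeader, allowedHosts) {
  const req = { headers: { host: hostHeader } };
  const res = { statusCode: 200, setHeader() {}, end() {} };
  hostWhitelist(allowedHosts)(req, res, () => {});
  return res.statusCode;
}

// Constructed scenario: users reach the instance as 192.168.1.20:8000 or
// tavern.lan:8000, and a victim's browser has loaded a page from
// lure.attacker.example whose DNS record was then re-pointed at 192.168.1.20.
const ALLOWED = ["192.168.1.20", "tavern.lan"];
for (const h of ["192.168.1.20:8000", "Tavern.LAN:8000", "localhost:8000",
                 "[::1]:8000", "lure.attacker.example", undefined]) {
  console.log(String(h).padEnd(24), "->", simulate(h, ALLOWED));
}
```

The check has to run before every route, including static file serving, or the attacker's page can still fetch the UI and its bundled scripts; rejecting with a plain 403 rather than a redirect keeps the response useless to the rebinding script.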
🔧 Temporary Workarounds
Enable SSL/TLS
Serve SillyTavern over HTTPS with a certificate valid for its real hostname. A rebinding page is loaded from the attacker's hostname, so when the browser reconnects to the re-pointed address it expects a certificate for that name; the handshake fails and the attacker's script never reaches the API.
Network Isolation
Bind SillyTavern to 127.0.0.1 only instead of to all interfaces (the listen option in config.yaml) and reach it remotely through an SSH tunnel. This keeps other machines on the LAN from connecting, but it does not stop a rebinding page open in a browser on the same host, which can still reach 127.0.0.1; only the patch or TLS closes that path.
🧯 If You Can't Patch
- Enable SSL/TLS with valid certificates for all network access
- Restrict SillyTavern to localhost only and use SSH tunnelling for remote access (this removes LAN exposure but not a rebinding page in a browser on the host itself)
🔍 How to Verify
Check if Vulnerable:
Vulnerable if the running version is below 1.13.4. Host whitelisting only exists from 1.13.4 onward, so on an older release there is no setting to check; the version alone decides.
Check Version:
Check package.json or about dialog in SillyTavern web interface
Verify Fix Applied:
Confirm version is 1.13.4 or higher AND hostWhitelist.enabled is set to true in config.yaml with proper allowed hosts configured
📡 Detection & Monitoring
Log Indicators:
- Unauthorized host headers in HTTP requests
- Unexpected extension installations
- Suspicious chat access patterns
Network Indicators:
- DNS answers for one external name that alternate between a public address and a loopback or RFC 1918 address, usually with a TTL of a few seconds (the rebinding itself). These queries come from the victim's browser or its resolver, not from the SillyTavern host.
- HTTP requests to the SillyTavern port whose Host header carries an external hostname rather than the instance's own name or address
SIEM Query:
Search web server or reverse-proxy access logs for requests to the SillyTavern port where the Host header is not one of the expected hostnames/IPs; group hits by client address and look for state-changing requests (extension installs, settings writes) following the first mismatched Host.
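The two indicators above (mismatched Host headers in access logs, and a domain whose DNS answers flip between public and private addresses) turned into runnable checks, as an added Node.js example that is not part of the advisory or the SillyTavern project. The access-log format, the request paths and the resolver entries are constructed for the illustration; the function names (findRebindingRequests, findRebindingDomains, isPrivateOrLoopbackV4) are assumptions.

```javascript
// Added example, not from the advisory or the SillyTavern project: two
// detection checks for the indicators above, run over constructed log data.

// Assumed access-log format (nginx-style with the raw Host header appended):
//   <client> - - [<time>] "<method> <path> <proto>" <status> "<Host header>"
const ACCESS_RE =
  /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) "([^"]*)"$/;

// Bare lower-cased hostname from a Host header (drops :port and IPv6 brackets).
function normalizeHost(hostHeader) {
  const h = hostHeader.trim();
  const v6 = /^\[([0-9a-fA-F:.]+)\](?::\d{1,5})?$/.exec(h);
  if (v6) return v6[1].toLowerCase();
  const named = /^([A-Za-z0-9.-]+)(?::\d{1,5})?$/.exec(h);
  return named ? named[1].toLowerCase() : null;
}

// Check 1: requests whose Host header is not one of the names or addresses
// users actually type. In a rebinding attack the TCP connection lands on the
// SillyTavern port but Host carries the attacker's domain.
function findRebindingRequests(lines, expectedHosts) {
  const expected = new Set(expectedHosts.map((h) => h.toLowerCase()));
  const hits = [];
  for (const line of lines) {
    const m = ACCESS_RE.exec(line);
    if (!m) continue;                        // other format: skip, do not crash
    const [, client, time, method, path, status, rawHost] = m;
    const host = normalizeHost(rawHost);
    if (host !== null && expected.has(host)) continue;
    hits.push({ client, time, method, path, status: Number(status), host: rawHost });
  }
  return hits;
}

// RFC 1918, loopback and link-local IPv4 ranges: the targets a rebinding
// record flips to after the page has loaded.
function isPrivateOrLoopbackV4(ip) {
  const p = ip.split(".").map(Number);
  if (p.length !== 4 || p.some((n) => !Number.isInteger(n) || n < 0 || n > 255)) return false;
  return p[0] === 10 || p[0] === 127 || (p[0] === 169 && p[1] === 254) ||
    (p[0] === 172 && p[1] >= 16 && p[1] <= 31) || (p[0] === 192 && p[1] === 168);
}

// Check 2: resolver-log answers ({ name, address, ttl }) where one name has
// answered with both a public and a private/loopback address. The low TTL is
// what lets the attacker swap the record between page load and attack.
function findRebindingDomains(answers) {
  const byName = new Map();
  for (const a of answers) {
    const s = byName.get(a.name) || { pub: false, priv: false, minTtl: Infinity };
    if (isPrivateOrLoopbackV4(a.address)) s.priv = true; else s.pub = true;
    s.minTtl = Math.min(s.minTtl, a.ttl);
    byName.set(a.name, s);
  }
  return [...byName]
    .filter(([, s]) => s.pub && s.priv)
    .map(([name, s]) => ({ name, minTtl: s.minTtl }));
}

// Constructed sample data. The paths are illustrative, not a list of real
// SillyTavern routes; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
const SAMPLE_ACCESS_LOG = [
  '192.168.1.34 - - [12/Oct/2025:10:00:01 +0000] "GET /api/settings/get HTTP/1.1" 200 "192.168.1.20:8000"',
  '192.168.1.34 - - [12/Oct/2025:10:00:02 +0000] "GET /api/characters/all HTTP/1.1" 200 "tavern.lan:8000"',
  '192.168.1.34 - - [12/Oct/2025:10:03:17 +0000] "POST /api/extensions/install HTTP/1.1" 200 "lure.attacker.example"',
  '127.0.0.1 - - [12/Oct/2025:10:03:18 +0000] "GET /api/chats/get HTTP/1.1" 200 "lure.attacker.example"',
  "not an access-log line at all",
];
const SAMPLE_DNS_ANSWERS = [
  { name: "lure.attacker.example", address: "203.0.113.10", ttl: 1 },
  { name: "lure.attacker.example", address: "192.168.1.20", ttl: 1 },
  { name: "cdn.example.net", address: "198.51.100.7", ttl: 3600 },
];

console.log(findRebindingRequests(SAMPLE_ACCESS_LOG, ["192.168.1.20", "tavern.lan"]));
console.log(findRebindingDomains(SAMPLE_DNS_ANSWERS));
```

On a patched 1.13.4+ instance with whitelisting on, the same mismatched-Host requests show up as 403s rather than 200s, which makes check 1 a cheap way to confirm the whitelist is actually in the request path.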
🔗 References
- https://docs.sillytavern.app/administration/#security-checklist
- https://docs.sillytavern.app/administration/config-yaml/#host-whitelisting
- https://github.com/SillyTavern/SillyTavern/commit/d134abd50e4a416e3b81233242583b0a23f38320
- https://github.com/SillyTavern/SillyTavern/releases/tag/1.13.4
- https://github.com/SillyTavern/SillyTavern/security/advisories/GHSA-7cxj-w27x-x78q