CVE-2025-59159: 
JavaScript vulnerability analysis and mitigation

CVE-2025-59159 affects SillyTavern, a locally installed user interface for interacting with text generation large language models, image generation engines, and text-to-speech voice models. The vulnerability was discovered and disclosed on October 6, 2025, and affects versions prior to 1.13.4. The web interface is susceptible to DNS rebinding attacks, which could allow attackers to perform malicious actions without requiring direct exposure of the SillyTavern instance (GitHub Advisory, NVD).

The vulnerability stems from insufficient host validation in the SillyTavern web interface, enabling DNS rebinding attacks that bypass browser Cross-Origin Resource Sharing (CORS) restrictions. The attack works by tricking the browser into resolving 127.0.0.1 for a site's DNS address, allowing unauthorized access to the backend API without requiring the instance to be publicly exposed. The vulnerability has received a CVSS v3.1 score of 9.7 (Critical), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H (Security Online, GitHub Advisory).

The vulnerability allows attackers to gain full control over SillyTavern instances. Potential impacts include unauthorized access to chat logs, deployment of malicious extensions, arbitrary HTML injection leading to phishing attacks, and access to stored API keys for various AI services including OpenAI, Anthropic Claude, KoboldAI, and Mistral. The attack can succeed even on installations hosted only on local networks or Termux mobile environments if users visit a malicious website while SillyTavern is running (Security Online).

The vulnerability has been patched in version 1.13.4 through the introduction of a server configuration setting that enables validation of host names in inbound HTTP requests. Users can enable this protection by setting 'hostWhitelist.enabled' in the config.yaml file or using the 'SILLYTAVERN_HOSTWHITELIST_ENABLED' environment variable. While this setting is disabled by default for compatibility reasons, users are strongly encouraged to enable it, especially when hosting over local networks without SSL (SillyTavern Docs).