CVE-2025-59159: SillyTavern is a locally installed user interface that allows users to interact with text generation large language mode
Summary
SillyTavern, a locally installed interface for interacting with text generation AI models and other AI tools, has a vulnerability in versions before 1.13.4 that allows DNS rebinding (a network attack where an attacker tricks your computer into connecting to a malicious server by manipulating domain name lookups) to let attackers install harmful extensions, steal chat conversations, or create fake login pages. The vulnerability affects the web-based user interface and could be exploited especially when the application is accessed over a local network without SSL (encrypted connections).
Solution / Mitigation
The vulnerability has been patched in version 1.13.4. Users should update to this version. The fix includes a new server configuration setting called `hostWhitelist.enabled` in the config.yaml file or the `SILLYTAVERN_HOSTWHITELIST_ENABLED` environment variable that validates hostnames in incoming HTTP requests against an allowed list. The setting is disabled by default for backward compatibility, but users are encouraged to review their server configurations and enable this protection, especially if hosting over a local network without SSL.
Vulnerability Details
9.6(critical)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-59159
First tracked: February 15, 2026 at 08:53 PM
Classified by LLM (prompt v3) · confidence: 92%