Impact
The vulnerability exists in the CORS proxy middleware of SillyTavern. The middleware takes an arbitrary URL from the req.params.url parameter and fetches it directly. Because no allowlist or loopback restrictions are applied, an attacker can make the application reach internal or external services on their behalf. This is a Server-Side Request Forgery (SSRF) that could expose otherwise unreachable resources or serve as a foothold for further attacks. The weakness is classified as CWE-918 (Server-Side Request Forgery). The CVSS score of 6.9 rates the flaw as medium severity, which typically means it can be leveraged by anyone able to reach the vulnerable endpoint but does not by itself provide code execution.
Affected Systems
The flaw affects all local installations of SillyTavern running a version earlier than 1.18.0. The vendor and product are both listed as SillyTavern, and the vulnerability is tied to versions before the 1.18.0 release. No specific platforms are mentioned, so the issue applies to any environment where the UI is installed and accessed locally or over a local network.
Risk and Exploitability
Exploitation requires the attacker to be able to send requests to the target instance, or to have access to the network that hosts it. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. With a CVSS of 6.9, the risk is considered moderate. Upgrading the application resolves the issue; until that is done, administrators should audit outbound connectivity from the host and limit exposure of the CORS proxy endpoint.
OpenCVE Enrichment
GitHub GHSA