CVE-2023-53886
Published: 2025-12-15
Priority: P3 · 37 · high · 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.36% (28.4th percentile)
Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a denial of service condition.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xlightftpd | xlight_ftp_server | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| NVD | 4.0 | 5.1 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
No detection rules found.
No public exploits indexed.
Wiz: CVE-2019-25681 Impact, Exploitability, and Mitigation Steps (blogs_wiz · CVSS 6.5 · [MEDIUM])
## CVE-2019-25681: Xlight FTP Server vulnerability analysis and mitigation
Xlight FTP Server 3.9.1 contains a structured exception handler (SEH) overwrite vulnerability that allows local attackers to crash the application and overwrite SEH pointers by supplying a crafted buffer string. Attackers can inject a 428-byte payload through the program execution field in virtual server configuration to trigger a buffer overflow that corrupts the SEH chain and enables potential code execution.
Source: NVD
Score: 8.6
Published: April 5, 2026
Severity: HIGH
CNA Score: 8.6
Affected Technologies: Xlight FTP Server
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 2.3
Exploitation Probability (EPSS):
Wiz: CVE-2023-53886 Impact, Exploitability, and Mitigation Steps (blogs_wiz · CVSS 6.8 · [MEDIUM])
## CVE-2023-53886: Xlight FTP Server vulnerability analysis and mitigation
Xlight FTP Server 3.9.3.6 contains a stack buffer overflow vulnerability in the 'Execute Program' configuration that allows attackers to crash the application. Attackers can trigger the vulnerability by inserting 294 characters into the program execution configuration, causing a denial of service condition.
Source: NVD
Score: 5.1
Published: December 15, 2025
Severity: MEDIUM
CNA Score: 5.1
Affected Technologies: Xlight FTP Server
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 21.5
Exploitation Probability (EPSS): 0.1
Affected packages and libraries: cpe:2.3:a:xlightftpd:xlight_ftp_server
Windows: No
Published: 2025-12-15