CVE-2023-53959 — Uncontrolled Search Path Element in Filezilla Client

CWE-427 — Uncontrolled Search Path Element7 documents6 sources

Severity

8.5HIGHNVD

EPSS

0.3%

top 47.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Filezilla-project Filezilla Client

Timeline

PublishedDec 19

Description

FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code execution when the application launches.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5filezilla-project/filezilla_client3.63.1

▶NVDfilezilla-project/filezilla_client3.63.1

🔴Vulnerability Details

GHSA

GHSA-4h23-hj4v-f4xg: FileZilla Client 3↗2025-12-19

▶

CVEList

FileZilla Client 3.63.1 DLL Hijacking via Missing TextShaping.dll↗2025-12-19

▶

OSV

CVE-2023-53959: FileZilla Client 3↗2025-12-19

▶

📋Vendor Advisories

Debian

CVE-2023-53959: filezilla - FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attac...↗2023

▶

🕵️Threat Intelligence

Wiz

CVE-2023-53959 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2019-25683 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶