Cyber Posture

CVE-2023-53959

Critical · Public PoC

Published: 19 December 2025
Modified: 09 April 2026
KEV Added:
Patch:
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0037 (59.0th percentile)
Risk Priority: 20 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code execution when the application launches.

Mitigating Controls (NIST 800-53 r5) [AI]

prevent: Timely flaw remediation through vendor patching directly eliminates the DLL hijacking vulnerability in FileZilla Client 3.63.1, preventing exploitation.

prevent: Requiring digital signatures for system components like TextShaping.dll prevents the application from loading attacker-placed malicious unsigned DLLs.

prevent, detect: Integrity verification mechanisms detect unauthorized changes to application DLLs, blocking or alerting on the placement of malicious TextShaping.dll.
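As an added defensive check that is not part of this advisory, the following PowerShell script implements the integrity-verification control above for this specific case: it looks for a TextShaping.dll in the FileZilla Client install directory (which, per the description, a clean 3.63.1 install does not ship) and records its Authenticode signature status, timestamps and SHA-256 for triage. The default install path is an assumption and can be overridden.

```powershell
# Added example: check a FileZilla Client install directory for a planted TextShaping.dll.
# Assumption: default install path; pass -InstallDir if FileZilla is installed elsewhere.
param(
    [string]$InstallDir = (Join-Path $env:ProgramFiles 'FileZilla FTP Client')
)

# The advisory states the DLL is missing from a clean 3.63.1 install, so its
# mere presence in the application directory is worth an alert on its own.
$dllPath = Join-Path $InstallDir 'TextShaping.dll'

if (-not (Test-Path -LiteralPath $InstallDir)) {
    Write-Warning "FileZilla install directory not found: $InstallDir"
    return
}

if (-not (Test-Path -LiteralPath $dllPath)) {
    Write-Output "OK: no TextShaping.dll present in $InstallDir"
    return
}

$file = Get-Item -LiteralPath $dllPath
$sig  = Get-AuthenticodeSignature -FilePath $dllPath
$hash = (Get-FileHash -LiteralPath $dllPath -Algorithm SHA256).Hash

# Collect the evidence an analyst needs: signer (if any), when it appeared, and its hash
# for comparison against an allowlist or threat-intel lookup.
[pscustomobject]@{
    Path            = $dllPath
    SizeBytes       = $file.Length
    CreatedUtc      = $file.CreationTimeUtc
    LastWrittenUtc  = $file.LastWriteTimeUtc
    SignatureStatus = $sig.Status   # Valid, NotSigned, HashMismatch, UnknownError, ...
    Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
    Sha256          = $hash
}

# Anything other than a validly signed file from a publisher you trust is a finding.
if ($sig.Status -ne 'Valid') {
    Write-Warning "ALERT: unexpected TextShaping.dll in $InstallDir (signature status: $($sig.Status))"
}
```

Run it from a scheduled task or EDR custom script across the fleet and forward any ALERT lines to the SIEM; a validly signed file should still be compared against the vendor's known hashes before being cleared.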

Security Summary [AI]

CVE-2023-53959 is a DLL hijacking vulnerability (CWE-427) in FileZilla Client version 3.63.1. The flaw occurs because the application attempts to load a missing TextShaping.dll from its directory, enabling attackers to place a malicious version of this DLL in the application directory to execute arbitrary code upon launch.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it is exploitable remotely with low complexity, no privileges, and no user interaction. Attackers can generate a reverse shell payload using msfvenom, replace the missing DLL with it, and achieve remote code execution when a user launches the affected FileZilla Client.

Advisories and references, including those from Vulncheck (vulncheck.com/advisories/filezilla-client-dll-hijacking-via-missing-textshapingdll) and a proof-of-concept exploit on Exploit-DB (exploit-db.com/exploits/51267), detail the issue, while the FileZilla project site (filezilla-project.org) provides relevant updates for practitioners to review.

Details

CWE(s): CWE-427

Affected Products

filezilla-project
filezilla client
3.63.1

MITRE ATT&CK Enterprise Techniques [AI]

T1574.001 DLL Stealth
Adversaries may abuse dynamic-link library files (DLLs) in order to achieve persistence, escalate privileges, and evade defenses.
Why these techniques?

The vulnerability involves DLL hijacking via a missing TextShaping.dll in the application directory and an untrusted search path (CWE-427), directly enabling DLL Search Order Hijacking (T1038) and DLL Side-Loading (T1073, T1574.002) for arbitrary code execution upon application launch.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References