PT-2025-52529 · Filezilla · Filezilla Client

Bilal Qureshi · Published 2025-12-19 · Updated 2025-12-20 · CVE-2023-53959

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: FileZilla Client version 3.63.1

Description: The FileZilla Client application is susceptible to a DLL hijacking issue. An attacker can exploit this by placing a specially crafted TextShaping.dll file within the application directory. Successful exploitation allows the attacker to execute malicious code, potentially achieving remote code execution when the application is launched. The attack involves replacing a missing DLL with a malicious payload, which can be generated using tools like msfvenom.

Recommendations: Replace the TextShaping.dll file in the FileZilla Client application directory with a legitimate version.
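
A defender-side check for the condition described above, as an added PowerShell example that is not part of the original advisory: it reports whether a TextShaping.dll sits in the application directory, with its SHA-256 and Authenticode status, and lists the ACL entries that allow writing to that directory. The default install path and the helper names Test-PlantedDll and Get-DirectoryWriters are assumptions.

```powershell
# Added example (not from the advisory). Run on the Windows host being audited.
param(
    # Assumption: default per-machine install path; override with -AppDir.
    [string]$AppDir  = "$env:ProgramFiles\FileZilla FTP Client",
    [string]$DllName = 'TextShaping.dll'
)

# Hypothetical helper: describe the named DLL if it exists in the directory.
function Test-PlantedDll {
    param([string]$Directory, [string]$Name)

    $path = Join-Path -Path $Directory -ChildPath $Name
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $path; Present = $false }
    }
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $file = Get-Item -LiteralPath $path
    [pscustomobject]@{
        Path      = $path
        Present   = $true
        SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        SigStatus = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
        Signer    = $sig.SignerCertificate.Subject   # $null when the file is unsigned
        Created   = $file.CreationTimeUtc
        Modified  = $file.LastWriteTimeUtc
    }
}

# Hypothetical helper: list Allow entries granting any write right on the directory.
# Entries stored only as generic rights (shown as raw numbers) are not matched here.
function Get-DirectoryWriters {
    param([string]$Directory)
    $write = [System.Security.AccessControl.FileSystemRights]::Write
    (Get-Acl -LiteralPath $Directory).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]($_.FileSystemRights -band $write)) -ne 0
        } |
        Select-Object IdentityReference, FileSystemRights, IsInherited
}

if (-not (Test-Path -LiteralPath $AppDir -PathType Container)) {
    Write-Warning "Directory not found: $AppDir"
    return
}
Test-PlantedDll -Directory $AppDir -Name $DllName | Format-List
Get-DirectoryWriters -Directory $AppDir | Format-Table -AutoSize
```

A file reported as present with a status other than Valid, or with an unexpected signer, is the case to investigate; write access for non-administrative identities shows who could place such a file.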

Exploit

Fix

RCE

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers: CVE-2023-53959

Affected Products: Filezilla Client