CVE-2023-53959
Unknown Unknown - Not Provided
DLL Hijacking in FileZilla Client 3.63.1 Enables Remote Code Execution

Publication date: 2025-12-19

Last updated on: 2026-04-09

Assigner: VulnCheck

Description
FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code execution when the application launches.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-19
Last Modified
2026-04-09
Generated
2026-06-16
AI Q&A
2025-12-19
EPSS Evaluated
2026-06-15
NVD
CVE-2023-53959
EUVD
EUVD-2025-204606
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
filezilla-project filezilla_client 3.63.1
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2023-53959 is a DLL hijacking vulnerability in FileZilla Client version 3.63.1. The application is missing the TextShaping.dll file, which allows an attacker to place a maliciously crafted TextShaping.dll in the application's directory. When FileZilla launches, it loads this malicious DLL, enabling the attacker to execute arbitrary code remotely. Attackers can create a reverse shell payload using msfvenom and replace the missing DLL with their payload to gain control when the application starts. [2, 3]

Impact Analysis

This vulnerability allows a local attacker with low privileges to execute high-impact malicious code on the affected system without user interaction. By exploiting the missing TextShaping.dll, the attacker can run a reverse shell payload, effectively gaining remote code execution and control over the system where FileZilla Client 3.63.1 is installed. This can lead to unauthorized access, data theft, or further compromise of the affected machine. [2, 3]

Detection Guidance

This vulnerability can be detected by checking the FileZilla Client installation directory for the presence or absence of the TextShaping.dll file. If the DLL is missing, it indicates the system is vulnerable to DLL hijacking. Additionally, monitoring for unexpected DLL files named TextShaping.dll in the FileZilla directory or unusual network connections (such as reverse shell attempts) can help detect exploitation. Commands to assist detection include listing the contents of the FileZilla directory (e.g., using 'dir' on Windows or 'ls' on Linux if applicable) to verify the presence of TextShaping.dll, and using network monitoring tools like 'netstat' or 'tcpview' to detect suspicious connections. For example, on Windows, you can run: 'dir "C:\Program Files\FileZilla FTP Client"\TextShaping.dll' to check for the DLL, and 'netstat -an | findstr 7777' to check for connections on the reverse shell port if known. Also, running a listener with 'nc -lvp 7777' can help detect incoming reverse shell connections if you suspect exploitation. [2, 3]

Mitigation Strategies

Immediate mitigation steps include ensuring that the legitimate TextShaping.dll is present in the FileZilla Client installation directory to prevent DLL hijacking. If the DLL is missing, obtain the correct DLL from a trusted source or reinstall FileZilla Client version 3.63.1 or later where the issue is fixed. Restrict write permissions on the FileZilla installation folder to prevent attackers from placing malicious DLLs. Additionally, monitor and block suspicious network activity related to reverse shell connections. Avoid running FileZilla Client with elevated privileges to reduce the impact of potential exploitation. [2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-53959. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart