CVE-2023-53959 HIGH

CVE-2023-53959: FileZilla Client 3.63.1 DLL Hijacking via Missing TextShaping.dll

Vendor Filezilla-Project
Product FileZilla Client
Weakness CWE-427
Published December 19, 2025
Last update April 7, 2026

CVSS base score

8.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code execution when the application launches.

Key dates

02 Disclosure timeline

December 19, 2025 CVE published
April 7, 2026 Record updated