Volerion logoVolerion
Volerion logoVolerion

FileZilla Client DLL Hijacking Vulnerability Allowing Remote Code Execution

Vulnerability

A DLL hijacking vulnerability has been identified in FileZilla Client version 3.63.1. This vulnerability allows attackers to execute malicious code by placing a crafted TextShaping.dll file in the application directory. When FileZilla Client is launched, the application loads the malicious DLL, enabling the execution of arbitrary code. The vulnerability arises because the application does not properly validate the presence of the TextShaping.dll file, creating an opportunity for exploitation.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Reproduction

To reproduce this vulnerability, first create a malicious DLL file using msfvenom, targeting a reverse shell payload. Place the crafted DLL file in the FileZilla Client application directory. When FileZilla Client is launched, the application will load the malicious DLL, resulting in the execution of the reverse shell payload.

Added: Dec 19, 2025, 9:19 PM
Updated: Dec 19, 2025, 9:19 PM

Vulnerability Rating

Custom Algorithm
spread
7.8
impact
10.0
exploitability
4.6
remediation
0.0
relevance
1.6
threat
6.4
urgency
2.9
incentive
0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.