CVE-2023-53886

7.5 HIGH

📋 TL;DR

Xlight FTP Server 3.9.3.6 contains a stack buffer overflow in the 'Execute Program' configuration field: entering a 294-character string crashes the application. It affects administrators who have configured, or can access, the Execute Program feature, and can cause a denial of service.

💻 Affected Systems

Products:
  • Xlight FTP Server
Versions: 3.9.3.6
Operating Systems: Windows
Default Config Vulnerable: ✅ No
Notes: Requires Execute Program configuration to be accessible; default installations may not have this enabled.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise if the overflow can be controlled to execute arbitrary code.

🟠

Likely Case

Application crash causing denial of service, disrupting FTP services.

🟢

If Mitigated

Limited impact if Execute Program feature is disabled or access is restricted.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires access to Execute Program configuration; public proof-of-concept demonstrates crash.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.xlightftpd.com/

Restart Required: No

Instructions:

Check vendor website for updates; no official patch confirmed as of analysis.

🔧 Temporary Workarounds

Disable Execute Program Feature

Platform: Windows

Remove or restrict access to the Execute Program configuration to prevent exploitation.

Navigate to Xlight FTP Server settings > Security > Execute Program and disable or remove entries.

🧯 If You Can't Patch

  • Restrict network access to Xlight FTP Server to trusted IPs only.
  • Monitor logs for unusual activity in Execute Program configuration changes.

🔍 How to Verify

Check if Vulnerable:

Check if Xlight FTP Server version is 3.9.3.6 and Execute Program configuration is accessible.

Check Version:

Open Xlight FTP Server GUI and check Help > About for version.

Verify Fix Applied:

Verify version is updated beyond 3.9.3.6 or Execute Program feature is disabled.

📡 Detection & Monitoring

Log Indicators:

  • Log entries showing application crashes or errors related to Execute Program configuration.

Network Indicators:

  • Unusual FTP traffic patterns or connection attempts to Execute Program endpoints.

SIEM Query:

Search for 'Xlight FTP Server crash' or 'Execute Program' in application logs.
